Athlon™ 3000 series mobile processors with radeon™ graphics “pollock”

This hub aggregates every CVE we track for Athlon™ 3000 series mobile processors with radeon™ graphics “pollock”, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 13 most recently published vulnerabilities affecting Athlon™ 3000 series mobile processors with radeon™ graphics “pollock”.

• CVE-2022-23821Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. 9.8Nov 14, 2023
• CVE-2023-20521TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial ...3.3Nov 14, 2023
• CVE-2023-20555Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary ...7.8Aug 8, 2023
• CVE-2021-46794Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting i...7.5May 9, 2023
• CVE-2021-46759Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents o...6.1May 9, 2023
• CVE-2021-46756Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the b...9.1May 9, 2023
• CVE-2021-46754Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the S...9.1May 9, 2023
• CVE-2021-46753Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and over...9.1May 9, 2023
• CVE-2021-46749Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting i...7.5May 9, 2023
• CVE-2021-26406Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially res...7.5May 9, 2023
• CVE-2021-26371A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. ...5.5May 9, 2023
• CVE-2021-26365Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of...8.2May 9, 2023
• CVE-2021-26354Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a l...5.5May 9, 2023