Описание
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.0.5 (исключая)
Одновременно
cpe:2.3:o:amd:comboam4v2_pi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.0.0.7 (исключая)
Одновременно
cpe:2.3:o:amd:renoirpi-fp6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 1.0.0.6 (исключая)
Одновременно
cpe:2.3:o:amd:cezannepi-fp6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:cezannepi-fp6:-:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00042
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-367
CWE-367
Связанные уязвимости
CVSS3: 1.9
redhat
около 3 лет назад
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
CVSS3: 4.7
github
около 3 лет назад
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
EPSS
Процентиль: 12%
0.00042
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-367
CWE-367