Azure Stack Hub Spoofing Vulnerability

Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.

Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability.

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF)     to modify the PCIe® lane count and speed, potentially leading to a loss of availability.