Amd 2nd Gen Epyc
18 CVEs affecting Amd 2nd Gen Epyc. Latest disclosed: 2023-01-11. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-39298 | High | 8.8 | 2022-02-16 | A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbit… |
CVE-2021-26398 | High | 7.8 | 2023-01-11 | Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor… |
CVE-2021-26316 | High | 7.8 | 2023-01-11 | Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (… |
CVE-2023-20531 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of se… |
CVE-2023-20529 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service… |
CVE-2023-20522 | High | 7.5 | 2023-01-11 | Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. |
CVE-2021-46779 | High | 7.1 | 2023-01-11 | Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Proces… |
CVE-2021-26402 | High | 7.1 | 2023-01-11 | Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled d… |
CVE-2023-20527 | Medium | 6.5 | 2023-01-11 | Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-servic… |
CVE-2023-20525 | Medium | 6.5 | 2023-01-11 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially… |
CVE-2021-26403 | Medium | 6.5 | 2023-01-11 | Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. |
CVE-2021-46767 | Medium | 6.1 | 2023-01-11 | Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integ… |
CVE-2023-20523 | Medium | 5.7 | 2023-01-11 | TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. |
CVE-2021-46768 | Medium | 5.5 | 2023-01-11 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a… |
CVE-2021-26407 | Medium | 5.5 | 2023-01-11 | A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. |
CVE-2023-20532 | Medium | 5.3 | 2023-01-11 | Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. |
CVE-2022-23813 | Medium | 5.3 | 2023-01-11 | The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confident… |
CVE-2023-20528 | Low | 2.4 | 2023-01-11 | Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of conf… |