Amd 3rd Gen Epyc
26 CVEs affecting Amd 3rd Gen Epyc. Latest disclosed: 2023-01-11. Critical: 0, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-39298 | High | 8.8 | 2022-02-16 | A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbit… |
CVE-2021-26409 | High | 7.8 | 2023-01-11 | Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested P… |
CVE-2021-26398 | High | 7.8 | 2023-01-11 | Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor… |
CVE-2021-26316 | High | 7.8 | 2023-01-11 | Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (… |
CVE-2021-26353 | High | 7.8 | 2022-05-10 | Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulti… |
CVE-2023-20531 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of se… |
CVE-2023-20530 | High | 7.5 | 2023-01-11 | Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. |
CVE-2023-20529 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service… |
CVE-2023-20522 | High | 7.5 | 2023-01-11 | Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. |
CVE-2021-46779 | High | 7.1 | 2023-01-11 | Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Proces… |
CVE-2021-26402 | High | 7.1 | 2023-01-11 | Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled d… |
CVE-2023-20527 | Medium | 6.5 | 2023-01-11 | Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-servic… |
CVE-2023-20525 | Medium | 6.5 | 2023-01-11 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially… |
CVE-2021-46767 | Medium | 6.1 | 2023-01-11 | Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integ… |
CVE-2023-20523 | Medium | 5.7 | 2023-01-11 | TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. |
CVE-2021-46791 | Medium | 5.5 | 2023-01-11 | Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynami… |
CVE-2021-46768 | Medium | 5.5 | 2023-01-11 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a… |
CVE-2021-26404 | Medium | 5.5 | 2023-01-11 | Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. |
CVE-2021-26355 | Medium | 5.5 | 2023-01-11 | Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-… |
CVE-2021-26343 | Medium | 5.5 | 2023-01-11 | Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result… |