Amd Epyc_7252_firmware
73 CVEs affecting Amd Epyc_7252_firmware. Latest disclosed: 2024-08-13. Critical: 3, High: 25.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-20520 | Critical | 9.8 | 2023-05-09 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading… |
CVE-2021-26379 | Critical | 9.8 | 2023-05-09 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity a… |
CVE-2021-46756 | Critical | 9.1 | 2023-05-09 | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send… |
CVE-2021-46769 | High | 8.8 | 2023-05-09 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution… |
CVE-2021-26340 | High | 8.4 | 2021-12-10 | A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (T… |
CVE-2021-26398 | High | 7.8 | 2023-01-11 | Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor… |
CVE-2021-26316 | High | 7.8 | 2023-01-11 | Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (… |
CVE-2021-26335 | High | 7.8 | 2021-11-16 | Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to s… |
CVE-2021-26331 | High | 7.8 | 2021-11-16 | AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code executio… |
CVE-2020-12961 | High | 7.8 | 2021-11-16 | A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management N… |
CVE-2020-12944 | High | 7.8 | 2021-11-16 | Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. |
CVE-2023-20578 | High | 7.5 | 2024-08-13 | A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications… |
CVE-2023-20524 | High | 7.5 | 2023-05-09 | An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to… |
CVE-2021-46764 | High | 7.5 | 2023-05-09 | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of… |
CVE-2021-46763 | High | 7.5 | 2023-05-09 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to… |
CVE-2021-26406 | High | 7.5 | 2023-05-09 | Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application ca… |
CVE-2023-20531 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of se… |
CVE-2023-20529 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service… |
CVE-2021-26338 | High | 7.5 | 2021-11-16 | Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potent… |
CVE-2021-26322 | High | 7.5 | 2021-11-16 | Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. |