Amd Epyc_7373x
71 CVEs affecting Amd Epyc_7373x. Latest disclosed: 2024-08-13. Critical: 3, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-20520 | Critical | 9.8 | 2023-05-09 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading… |
CVE-2021-26379 | Critical | 9.8 | 2023-05-09 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity a… |
CVE-2021-46756 | Critical | 9.1 | 2023-05-09 | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send… |
CVE-2021-46769 | High | 8.8 | 2023-05-09 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution… |
CVE-2024-21980 | High | 7.9 | 2024-08-05 | Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in… |
CVE-2021-26398 | High | 7.8 | 2023-01-11 | Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor… |
CVE-2021-26316 | High | 7.8 | 2023-01-11 | Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (… |
CVE-2021-46771 | High | 7.8 | 2022-05-10 | Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user… |
CVE-2021-26353 | High | 7.8 | 2022-05-10 | Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulti… |
CVE-2021-26324 | High | 7.8 | 2022-05-10 | A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. |
CVE-2023-20578 | High | 7.5 | 2024-08-13 | A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications… |
CVE-2023-20524 | High | 7.5 | 2023-05-09 | An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to… |
CVE-2022-23818 | High | 7.5 | 2023-05-09 | Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. … |
CVE-2021-46764 | High | 7.5 | 2023-05-09 | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of… |
CVE-2021-46763 | High | 7.5 | 2023-05-09 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to… |
CVE-2023-20531 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of se… |
CVE-2023-20530 | High | 7.5 | 2023-01-11 | Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. |
CVE-2023-20529 | High | 7.5 | 2023-01-11 | Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service… |
CVE-2021-26356 | High | 7.4 | 2023-05-09 | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and infor… |
CVE-2021-26344 | High | 7.2 | 2024-08-13 | An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image… |