Input validation

2023-05-0919:15:00

PRIOn knowledge base

www.prio-n.com

input validation

owner's certificate authority

sev

sev-es

denial of service

nvd

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Insufficient validation in parsing Owner’s
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES user application can lead to a host crash potentially resulting in
denial of service.

CPENameOperatorVersion
epyc_7232p_firmwareeqromepi-1.0.0.a
epyc_7251_firmwareeqnaplespi-1.0.0.e
epyc_7252_firmwareeqromepi-1.0.0.a
epyc_7261_firmwareeqnaplespi-1.0.0.e
epyc_7262_firmwareeqromepi-1.0.0.a
epyc_7272_firmwareeqromepi-1.0.0.a
epyc_7281_firmwareeqnaplespi-1.0.0.e
epyc_7282_firmwareeqromepi-1.0.0.a
epyc_7301_firmwareeqnaplespi-1.0.0.e
epyc_7302_firmwareeqromepi-1.0.0.a

Name	Operator	Version
epyc_7232p_firmware	eq	romepi-1.0.0.a
epyc_7251_firmware	eq	naplespi-1.0.0.e
epyc_7252_firmware	eq	romepi-1.0.0.a
epyc_7261_firmware	eq	naplespi-1.0.0.e
epyc_7262_firmware	eq	romepi-1.0.0.a
epyc_7272_firmware	eq	romepi-1.0.0.a
epyc_7281_firmware	eq	naplespi-1.0.0.e
epyc_7282_firmware	eq	romepi-1.0.0.a
epyc_7301_firmware	eq	naplespi-1.0.0.e
epyc_7302_firmware	eq	romepi-1.0.0.a