Epyc 7773X Firmware Security Vulnerabilities - CVSS Score 9 - 10

CVE-2021-26379

Insufficient input validation of mailbox data in theSMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentiallyleading to a loss of integrity and privilege escalation.

CVE-2021-46756

Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.

CVE-2021-46762

Insufficient input validation in the SMU mayallow an attacker to corrupt SMU SRAM potentially leading to a loss ofintegrity or denial of service.

CVE-2023-20520

Improper access control settings in ASPBootloader may allow an attacker to corrupt the return address causing astack-based buffer overrun potentially leading to arbitrary code execution.