Epyc 8434P Firmware Security Vulnerabilities - 2023

CVE-2021-26345

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

CVE-2021-46774

Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.

CVE-2022-23830

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

CVE-2023-20566

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.