Lucene search
K
AmdEpyc 7002 Firmware

33 matches found

CVE
CVE
added 2022/07/12 3:50 p.m.393 views

CVE-2022-29900

CVE-2022-29900 describes mis-trained branch predictions for return instructions that may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Connected advisories confirm this affects Linux-kernel components (e.g., linux-5.10 in Astra Linux; multiple Am...

6.5CVSS7.3AI score0.03764EPSS
CVE
CVE
added 2022/07/14 7:27 p.m.391 views

CVE-2022-23825

CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...

6.5CVSS6.8AI score0.00785EPSS
CVE
CVE
added 2022/11/09 8:48 p.m.241 views

CVE-2022-23824

Summary: CVE-2022-23824 is listed as a Xen-related vulnerability in Debian security advisories and Gentoo GLSA, indicating multiple vulnerabilities in the Xen hypervisor that could lead to privilege escalation, denial of service, or information leaks. The Debian entry explicitly groups CVE-2022-2...

5.5CVSS5.6AI score0.00586EPSS
CVE
CVE
added 2022/06/15 7:13 p.m.157 views

CVE-2022-23823

CVE-2022-23823 describes a timing-attack information disclosure risk on AMD processors with DVFS. Connected sources show F5 advisories (K43357358) tying Hertzbleed to BIG-IP on AMD CPUs, listing affected BIG-IP branches (e.g., 17.x up to 17.5.03) with “Will not fix” for some lines, and provide a ...

6.5CVSS6AI score0.01044EPSS
CVE
CVE
added 2023/01/10 7:46 p.m.127 views

CVE-2021-26316

CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...

7.8CVSS8AI score0.00256EPSS
CVE
CVE
added 2022/05/11 4:22 p.m.117 views

CVE-2021-26347

CVE-2021-26347 is referenced in several advisories as part of AMD/ kernel-firmware updates. The description states a failure to validate the integer operand in the AMD Secure Processor bootloader could allow an integer overflow in the L2 directory table in SPI flash, potentially causing a denial ...

4.7CVSS5.5AI score0.00188EPSS
CVE
CVE
added 2022/05/11 4:40 p.m.112 views

CVE-2021-46744

Technical details about CVE-2021-46744 are not publicly provided in the supplied Connected documents. The initial entry mentions a SEV data-inference risk on AMD SEV guests, but no product/version/root-cause/fix is given here. Monitor for updates.

6.5CVSS6.3AI score0.00328EPSS
CVE
CVE
added 2022/05/10 6:22 p.m.96 views

CVE-2021-26408

The CVE-2021-26408 issue affects AMD SEV-legacy firmware, where insufficient validation of elliptic curve points during SEV-legacy guest migration could lead to loss of guest integrity or confidentiality. This is rooted in inadequate point validation within SEV-legacy firmware. According to the c...

7.1CVSS7.1AI score0.00259EPSS
CVE
CVE
added 2022/05/10 6:25 p.m.92 views

CVE-2021-26370

Summary: CVE-2021-26370 describes an improper validation of the destination address in AMD EPYC UApp/ABL handling via SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB. Affected product/area: AMD EPYC server processors featuring UApp/ABL (as described in related sources). The issue conc...

7.1CVSS7.1AI score0.00222EPSS
CVE
CVE
added 2021/11/16 6:11 p.m.89 views

CVE-2020-12954

CVE-2020-12954 relates to an AMD Platform Security Processor (ASP) boot loader header where improper input and range validation can allow attacker-controlled values before signature verification, potentially enabling arbitrary code execution and bypassing SPI ROM protections to modify SPI ROM. Th...

5.5CVSS5.9AI score0.00224EPSS
CVE
CVE
added 2022/08/09 8:20 p.m.84 views

CVE-2021-46778

CVE-2021-46778 describes an information-disclosure side-channel vulnerability in AMD CPUs with SMT (Zen 1–Zen 4). The root cause is execution unit scheduler contention on SMT-enabled cores, allowing an attacker to infer data by measuring scheduler-queue contention. Public documents identify affec...

5.6CVSS5.7AI score0.00217EPSS
CVE
CVE
added 2023/05/09 6:59 p.m.83 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00189EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.83 views

CVE-2021-26398

CVE-2021-26398 affects the AMD Secure Processor (ASP) via insufficient input validation in SYS_KEY_DERIVE. A compromised user application or ABL may corrupt ASP OS memory, potentially enabling arbitrary code execution. Public details identify the vulnerability and associated risk to ASP/firmware,...

7.8CVSS7.9AI score0.00212EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.83 views

CVE-2021-26402

CVE-2021-26402 describes insufficient bounds checking in the AMD Secure Processor (ASP) firmware during BIOS mailbox handling, enabling an attacker to write partially controlled data out-of-bounds into SMM or SEV-ES regions and potentially compromise integrity and availability. The issue is discu...

7.1CVSS7.2AI score0.0018EPSS
CVE
CVE
added 2022/02/04 10:29 p.m.82 views

CVE-2020-12966

CVE-2020-12966 corresponds to an information-disclosure vulnerability in AMD EPYC processors’ SEV-ES and SEV-SNP. A local authenticated attacker could leak guest data via the malicious hypervisor. Affected products include AMD EPYC generations with SEV/SEV-ES, with SEV-SNP enabling a mitigation p...

5.5CVSS5AI score0.00313EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.82 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2021/11/16 6:8 p.m.79 views

CVE-2021-26335

CVE-2021-26335 concerns the AMD Secure Processor (ASP) boot loader image header. The issue is improper input and range checking, enabling attacker-controlled values before signature validation and potentially allowing arbitrary code execution. In NVD/AMD documentation, the vulnerability is listed...

7.8CVSS8AI score0.00286EPSS
CVE
CVE
added 2021/11/16 6:4 p.m.79 views

CVE-2021-26336

CVE-2021-26336 concerns AMD System Management Unit (SMU) with insufficient bounds checking that can cause invalid memory accesses/updates, leading to an SMU hang and the system may fail to service further requests from other components. Multiple sources confirm the issue under the SMU and referen...

5.5CVSS6.3AI score0.00212EPSS
CVE
CVE
added 2021/06/11 9:50 p.m.77 views

CVE-2020-12988

CVE-2020-12988 affects AMD EPYC platforms (1st–3rd Gen) per AMD-SB-1021. The DoS issue is described as a hang during system reboot in the integrated chipset/AMD platform components (e.g., ASP/SMU/SEV family). Affected products include 1st Gen EPYC (Naples), 2nd Gen (Rome), and 3rd Gen (Milan) CPU...

7.8CVSS7.2AI score0.01038EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.76 views

CVE-2023-20527

CVE-2023-20527 concerns the AMD Secure Processor (ASP) Bootloader. The issue is an improper syscall input validation in the Bootloader, which may allow a privileged attacker to read memory out-of-bounds, potentially causing a denial-of-service. The CVSS v3.1 metrics indicate Network attack vector...

6.5CVSS6.7AI score0.00595EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.69 views

CVE-2021-26356

CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...

7.4CVSS8.4AI score0.00399EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.69 views

CVE-2023-20531

CVE-2023-20531 affects the AMD System Management Unit (SMU) in AMD EPYC platforms. The root cause is insufficient bound checks in SMU, allowing an attacker to update SRAM between address spaces to an invalid value, which can lead to a denial of service. Connected documents provide concrete detail...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.68 views

CVE-2023-20529

The CVE-2023-20529 issue affects the AMD System Management Unit (SMU) , where insufficient bound checks can allow an attacker to update the sender/receiver address space to an invalid value, potentially causing a denial of service. The vulnerability is tied to SMU/firmware handling and is documen...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.67 views

CVE-2021-26403

CVE-2021-26403 corresponds to an AMD SEV vulnerability: insufficient checks in SEV could allow a malicious hypervisor to disclose the launch secret, risking VM confidentiality. Documented impact: local attacker with low privileges could compromise confidentiality; exploit details are not provided...

6.5CVSS6.9AI score0.00122EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.67 views

CVE-2023-20528

CVE-2023-20528 concerns the AMD System Management Unit (SMU) . The issue is caused by insufficient input validation in the SMU firmware , which could let a physical attacker exfiltrate SMU memory contents via the I2C bus, potentially resulting in a loss of confidentiality. Affected product scope ...

2.4CVSS4.6AI score0.00243EPSS
CVE
CVE
added 2021/11/16 6:24 p.m.65 views

CVE-2021-26337

The CVE-2021-26337 issue is an AMD SMU (System Management Unit) DRAM address validation flaw. It can permit a DMA read from an invalid DRAM address into SRAM, causing the SMU to stop servicing further requests. Mitigations are provided by AMD/AGSIA: update to the specified AGESA PI software versi...

5.5CVSS6.2AI score0.00233EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.65 views

CVE-2023-20525

The CVE-2023-20525 issue affects the AMD Secure Processor (ASP) Bootloader: it is caused by insufficient syscall input validation that can allow a privileged attacker to read memory outside mapped register bounds, potentially causing a denial of service. Public details identify the affected compo...

6.5CVSS6.6AI score0.00595EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.63 views

CVE-2023-20523

CVE-2023-20523 concerns TOCTOU in the AMD Secure Processor (ASP) that may allow a physical attacker to write beyond buffer bounds, potentially causing loss of integrity or denial of service. The issue is documented across multiple sources (NVD/NCSC/Dell AMD bulletins) with the ASP as the affected...

5.7CVSS6.1AI score0.00179EPSS
CVE
CVE
added 2021/11/16 6:6 p.m.62 views

CVE-2020-12951

CVE-2020-12951 describes a race condition in the AMD Platform Security Processor (ASP) firmware that could allow less-privileged x86 code to perform ASP SMM operations. Connected sources confirm this vulnerability and tie it to AMD ASP/SMU firmware, with AMD advisories indicating mitigations via ...

7CVSS7.3AI score0.00209EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.62 views

CVE-2023-20532

CVE-2023-20532 describes insufficient input validation in the AMD System Management Unit (SMU) that may allow an attacker to lock resources and cause a denial of service. Connected AMD documentation confirms the vulnerability affects SMU components and provides mitigations in the AMD-SB-1032 bull...

5.3CVSS5.9AI score0.00557EPSS
CVE
CVE
added 2021/11/16 6:9 p.m.61 views

CVE-2021-26331

CVE-2021-26331 affects the AMD System Management Unit (SMU). The vulnerability description indicates a malicious user could manipulate mailbox entries to achieve arbitrary code execution. Impact and exploit details are not provided beyond this, but the AMD-SB-1021 bulletin notes mitigations via O...

7.8CVSS7.8AI score0.00285EPSS
CVE
CVE
added 2021/11/16 6:13 p.m.56 views

CVE-2020-12961

CVE-2020-12961 affects AMD Platform Security Processor (PSP). The issue could allow an attacker to zero a privileged register on the System Management Network, potentially bypassing SPI ROM protections. Documented impact is high (CVSSv3.1: 7.8 Local, High impact) with local access and no user int...

7.8CVSS7.4AI score0.0024EPSS
CVE
CVE
added 2021/11/16 6:19 p.m.55 views

CVE-2021-26330

CVE-2021-26330 describes a heap-based overflow in the AMD System Management Unit (SMU) that may result in resource loss. Connected sources confirm affected hardware as AMD EPYC generations (1st/2nd/3rd Gen) and associate the issue with SMU/ASP components. The AMD Bulletin AMD-SB-1021 provides mit...

5.5CVSS6.1AI score0.00212EPSS