Epyc 7252 Firmware Security Vulnerabilities and Issues — Epyc 7252 Firmware CVE List

Lucene search

AmdEpyc 7252 Firmware

13 matches found

CVE•added 2023/05/09 7:15 p.m.•67 views

CVE-2021-26354

Insufficient bounds checking in ASP may allow anattacker to issue a system call from a compromised ABL which may causearbitrary memory values to be initialized to zero, potentially leading to aloss of integrity.

5.5CVSS7.2AI score0.00044EPSS

CVE•added 2023/05/09 7:15 p.m.•65 views

CVE-2021-26371

A compromised or malicious ABL or UApp couldsend a SHA256 system call to the bootloader, which may result in exposure ofASP memory to userspace, potentially leading to information disclosure.

5.5CVSS7.1AI score0.00061EPSS

CVE•added 2023/05/09 8:15 p.m.•55 views

CVE-2021-46756

Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.

9.1CVSS9.1AI score0.00115EPSS

CVE•added 2023/05/09 7:15 p.m.•55 views

CVE-2021-46762

Insufficient input validation in the SMU mayallow an attacker to corrupt SMU SRAM potentially leading to a loss ofintegrity or denial of service.

9.1CVSS6.4AI score0.00026EPSS

CVE•added 2023/05/09 7:15 p.m.•54 views

CVE-2021-46763

Insufficient input validation in the SMU mayenable a privileged attacker to write beyond the intended bounds of a sharedmemory buffer potentially leading to a loss of integrity.

7.5CVSS7.9AI score0.00092EPSS

CVE•added 2023/05/09 7:15 p.m.•53 views

CVE-2023-20520

Improper access control settings in ASPBootloader may allow an attacker to corrupt the return address causing astack-based buffer overrun potentially leading to arbitrary code execution.

9.8CVSS9.6AI score0.00312EPSS

CVE•added 2023/05/09 7:15 p.m.•52 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attackerto tamper with the SPI ROM following data read to memory potentially resultingin S3 data corruption and information disclosure.

7.4CVSS8.4AI score0.00135EPSS

CVE•added 2023/05/09 7:15 p.m.•52 views

CVE-2021-46764

Improper validation of DRAM addresses in SMU mayallow an attacker to overwrite sensitive memory locations within the ASPpotentially resulting in a denial of service.

7.5CVSS7.8AI score0.00115EPSS

CVE•added 2023/05/09 7:15 p.m.•51 views

CVE-2021-26406

Insufficient validation in parsing Owner'sCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)and SEV-ES user application can lead to a host crash potentially resulting indenial of service.

7.5CVSS8.4AI score0.00146EPSS

CVE•added 2023/05/09 7:15 p.m.•50 views

CVE-2021-46769

Insufficient syscall input validation in the ASPBootloader may allow a privileged attacker to execute arbitrary DMA copies,which can lead to code execution.

8.8CVSS9.1AI score0.00156EPSS

CVE•added 2023/05/09 7:15 p.m.•50 views

CVE-2021-46775

Improper input validation in ABL may enable anattacker with physical access, to perform arbitrary memory overwrites,potentially leading to a loss of integrity and code execution.

6.8CVSS7.2AI score0.00061EPSS

CVE•added 2023/05/09 7:15 p.m.•46 views

CVE-2023-20524

An attacker with a compromised ASP couldpossibly send malformed commands to an ASP on another CPU, resulting in an outof bounds write, potentially leading to a loss a loss of integrity.

7.5CVSS8AI score0.00147EPSS

CVE•added 2023/05/09 7:15 p.m.•45 views

CVE-2021-26379

Insufficient input validation of mailbox data in theSMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentiallyleading to a loss of integrity and privilege escalation.

9.8CVSS9.3AI score0.00169EPSS