Epyc 7371 Firmware Security Vulnerabilities and Issues — Epyc 7371 Firmware CVE List

Lucene search

AmdEpyc 7371 Firmware

5 matches found

CVE•added 2023/05/09 7:15 p.m.•66 views

CVE-2021-26371

A compromised or malicious ABL or UApp couldsend a SHA256 system call to the bootloader, which may result in exposure ofASP memory to userspace, potentially leading to information disclosure.

5.5CVSS7.1AI score0.00061EPSS

CVE•added 2023/05/09 8:15 p.m.•56 views

CVE-2021-46756

Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.

9.1CVSS9.1AI score0.00115EPSS

CVE•added 2023/05/09 7:15 p.m.•54 views

CVE-2023-20520

Improper access control settings in ASPBootloader may allow an attacker to corrupt the return address causing astack-based buffer overrun potentially leading to arbitrary code execution.

9.8CVSS9.6AI score0.00312EPSS

CVE•added 2023/05/09 7:15 p.m.•53 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attackerto tamper with the SPI ROM following data read to memory potentially resultingin S3 data corruption and information disclosure.

7.4CVSS8.4AI score0.00135EPSS

CVE•added 2023/05/09 7:15 p.m.•52 views

CVE-2021-26406

Insufficient validation in parsing Owner'sCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)and SEV-ES user application can lead to a host crash potentially resulting indenial of service.

7.5CVSS8.4AI score0.00146EPSS