Lucene search
K
AmdEpyc 7543 Firmware

88 matches found

CVE
CVE
added 2023/08/08 5:2 p.m.501 views

CVE-2023-20569

CVE-2023-20569 concerns a side-channel vulnerability in some AMD CPUs where an attacker may influence the return-address predictor, enabling speculative execution at attacker-controlled addresses and potential information disclosure. The vulnerability is discussed across multiple connected source...

4.7CVSS6.6AI score0.0616EPSS
CVE
CVE
added 2022/11/09 8:48 p.m.241 views

CVE-2022-23824

Summary: CVE-2022-23824 is listed as a Xen-related vulnerability in Debian security advisories and Gentoo GLSA, indicating multiple vulnerabilities in the Xen hypervisor that could lead to privilege escalation, denial of service, or information leaks. The Debian entry explicitly groups CVE-2022-2...

5.5CVSS5.6AI score0.00586EPSS
CVE
CVE
added 2023/11/14 6:54 p.m.196 views

CVE-2023-20592

CVE-2023-20592 covers AMD CPUs where improper behavior of the INVD instruction could let a malicious hypervisor affect cache line write-back and potentially compromise guest VM memory integrity. Public documents in the connected set describe the issue across multiple IBM Power HMC/LINUX-firmware ...

6.5CVSS6.5AI score0.01018EPSS
CVE
CVE
added 2024/02/13 7:18 p.m.178 views

CVE-2023-31346

CVE-2023-31346 is confirmed by connected advisories to affect linux-firmware related components and SEV firmware handling. The issue describes memory initialization failure in SEV firmware that may allow a privileged attacker to access stale data from other guests, impacting guest memory integrit...

6CVSS6.5AI score0.00309EPSS
CVE
CVE
added 2022/05/11 4:18 p.m.154 views

CVE-2021-26339

Technical details are not publicly available in the provided documents for CVE-2021-26339. Monitor for updates from vendor advisories; no specific affected products, impact, or remediation details are present in the supplied materials.

5.5CVSS5.9AI score0.00265EPSS
CVE
CVE
added 2022/05/11 4:21 p.m.145 views

CVE-2021-26342

CVE-2021-26342 is documented in the SUSE kernel-firmware advisories as part of a set of AMD/SEV-related fixes. The vulnerability description states that in SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) after a sequence including creation of a new VMCB, causing th...

3.3CVSS5AI score0.00215EPSS
CVE
CVE
added 2023/01/10 7:46 p.m.126 views

CVE-2021-26316

CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...

7.8CVSS8AI score0.00256EPSS
CVE
CVE
added 2022/05/11 4:22 p.m.116 views

CVE-2021-26347

CVE-2021-26347 is referenced in several advisories as part of AMD/ kernel-firmware updates. The description states a failure to validate the integer operand in the AMD Secure Processor bootloader could allow an integer overflow in the L2 directory table in SPI flash, potentially causing a denial ...

4.7CVSS5.5AI score0.00188EPSS
CVE
CVE
added 2022/05/11 4:40 p.m.112 views

CVE-2021-46744

Technical details about CVE-2021-46744 are not publicly provided in the supplied Connected documents. The initial entry mentions a SEV data-inference risk on AMD SEV guests, but no product/version/root-cause/fix is given here. Monitor for updates.

6.5CVSS6.3AI score0.00328EPSS
CVE
CVE
added 2024/08/13 4:53 p.m.107 views

CVE-2023-20584

CVE-2023-20584 involves AMD IOMMU handling of certain address ranges with invalid DTEs. The issue can allow a local privileged attacker with a compromised Hypervisor to induce DTE faults and bypass SEV-SNP RMP checks, potentially compromising guest integrity. Connected advisories note affected ke...

6CVSS7.2AI score0.00174EPSS
CVE
CVE
added 2022/05/11 4:26 p.m.104 views

CVE-2021-26348

Technical details about CVE-2021-26348 are not publicly provided in the supplied documents; no affected products, root cause, or remediation specifics are present. Please monitor for updates from the referenced advisories and databases.

5.5CVSS5.8AI score0.00215EPSS
CVE
CVE
added 2024/01/11 1:53 p.m.104 views

CVE-2023-20573

CVE-2023-20573 describes a defect in AMD SEV-SNP on 3rd/4th Gen EPYC processors where a privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests, potentially causing guests to miss expected debug information. The issue is local to privileged attackers and affects the deliver...

3.2CVSS4AI score0.00289EPSS
CVE
CVE
added 2022/05/10 6:27 p.m.103 views

CVE-2021-26324

CVE-2021-26324 concerns a bug in the SEV-ES TMR that may lead to a loss of memory integrity for SNP-active VMs on AMD EPYC platforms. The available documents do not provide an attacker’s exploit path or exploitability details. The AMD security bulletin AMD-SB-1021 maps this CVE to affected EPYC g...

7.8CVSS7.5AI score0.00258EPSS
CVE
CVE
added 2024/02/13 7:18 p.m.103 views

CVE-2023-31347

CVE-2023-31347 stems from a code bug in Secure_TSC used by SEV firmware, potentially allowing a high-privilege attacker to cause a guest to observe an incorrect TSC, risking guest integrity. Affected: AMD SEV/SEV-SNP firmware; impact: loss of guest integrity with no disclosed remote code executio...

4.9CVSS6.8AI score0.0046EPSS
CVE
CVE
added 2022/05/11 4:24 p.m.101 views

CVE-2021-26349

CVE-2021-26349 is listed as part of multiple SUSE kernel-firmware advisories (SUSE-SU-2022-1923-1 and related updates). The description indicates a vulnerability where failure to assign a new report ID to an imported guest could allow an SEV-SNP guest VM to be tricked into trusting a malicious Mi...

5.5CVSS5.8AI score0.0021EPSS
CVE
CVE
added 2022/05/10 6:33 p.m.93 views

CVE-2021-26353

CVE-2021-26353 – AMD SMM input validation vulnerability. The issue arises from failure to validate inputs in System Management Mode (SMM), which can allow an attacker to trigger a mishandled error and leave the DRTM UApp partially initialized, potentially causing loss of memory integrity. Affecte...

7.8CVSS7.5AI score0.00258EPSS
CVE
CVE
added 2022/05/10 6:25 p.m.91 views

CVE-2021-26370

Summary: CVE-2021-26370 describes an improper validation of the destination address in AMD EPYC UApp/ABL handling via SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB. Affected product/area: AMD EPYC server processors featuring UApp/ABL (as described in related sources). The issue conc...

7.1CVSS7.1AI score0.00222EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.90 views

CVE-2023-20521

CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSe advisories) confirm this ...

5.7CVSS6.1AI score0.00257EPSS
CVE
CVE
added 2021/11/16 6:11 p.m.89 views

CVE-2020-12954

CVE-2020-12954 relates to an AMD Platform Security Processor (ASP) boot loader header where improper input and range validation can allow attacker-controlled values before signature verification, potentially enabling arbitrary code execution and bypassing SPI ROM protections to modify SPI ROM. Th...

5.5CVSS5.9AI score0.00224EPSS
CVE
CVE
added 2021/11/16 5:55 p.m.89 views

CVE-2021-26312

CVE-2021-26312 is addressed in SUSE kernel-firmware updates. The advisory notes that failure to flush the IOMMU TLB may allow an IO device to access memory it should not, potentially compromising integrity. SUSE’s fixes update kernel-firmware to versions 20220411 (AMD microcode updates) and 20220...

5.5CVSS5.8AI score0.00239EPSS
CVE
CVE
added 2022/05/10 6:30 p.m.86 views

CVE-2021-46771

CVE-2021-46771 : The AMD Secure Processor (ASP) firmware system call has insufficient validation of addresses, potentially allowing arbitrary code execution by a compromised user application. This is tied to the ASP/firmware boundary and could impact systems relying on ASP for secure processing. ...

7.8CVSS7.8AI score0.00284EPSS
CVE
CVE
added 2023/07/11 6:29 p.m.86 views

CVE-2023-20575

CVE-2023-20575 describes a potential power side-channel vulnerability in some AMD processors that could allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM , potentially leaking sensitive information. The AMD security bull...

6.5CVSS6.3AI score0.00804EPSS
CVE
CVE
added 2022/08/09 8:20 p.m.84 views

CVE-2021-46778

CVE-2021-46778 describes an information-disclosure side-channel vulnerability in AMD CPUs with SMT (Zen 1–Zen 4). The root cause is execution unit scheduler contention on SMT-enabled cores, allowing an attacker to infer data by measuring scheduler-queue contention. Public documents identify affec...

5.6CVSS5.7AI score0.00217EPSS
CVE
CVE
added 2023/05/09 6:59 p.m.83 views

CVE-2021-26371

The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...

5.5CVSS7.1AI score0.00189EPSS
CVE
CVE
added 2022/02/04 10:29 p.m.82 views

CVE-2020-12966

CVE-2020-12966 corresponds to an information-disclosure vulnerability in AMD EPYC processors’ SEV-ES and SEV-SNP. A local authenticated attacker could leak guest data via the malicious hypervisor. Affected products include AMD EPYC generations with SEV/SEV-ES, with SEV-SNP enabling a mitigation p...

5.5CVSS5AI score0.00313EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.82 views

CVE-2021-26354

CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...

5.5CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.82 views

CVE-2021-26398

CVE-2021-26398 affects the AMD Secure Processor (ASP) via insufficient input validation in SYS_KEY_DERIVE. A compromised user application or ABL may corrupt ASP OS memory, potentially enabling arbitrary code execution. Public details identify the vulnerability and associated risk to ASP/firmware,...

7.8CVSS7.9AI score0.00212EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.82 views

CVE-2021-26402

CVE-2021-26402 describes insufficient bounds checking in the AMD Secure Processor (ASP) firmware during BIOS mailbox handling, enabling an attacker to write partially controlled data out-of-bounds into SMM or SEV-ES regions and potentially compromise integrity and availability. The issue is discu...

7.1CVSS7.2AI score0.0018EPSS
CVE
CVE
added 2021/11/16 6:1 p.m.81 views

CVE-2020-12946

CVE-2020-12946 affects AMD’s Platform Security Processor (ASP) firmware, where insufficient input validation for discrete TPM commands could cause loss of integrity and denial of service. The issue is discussed in AMD/SUZE bulletins and is addressed by updating to specific AGESA PI software versi...

7.1CVSS7.3AI score0.00218EPSS
CVE
CVE
added 2022/05/10 6:26 p.m.80 views

CVE-2021-26332

CVE-2021-26332 describes a vulnerability in AMD Secure Encrypted Virtualization (SEV) related to failing to verify that SEV-ES TMR is not in MMIO space, potentially allowing integrity or availability loss. The affected component is SEV-ES TMR handling; root cause is improper verification in memor...

7.1CVSS7AI score0.00222EPSS
CVE
CVE
added 2023/11/14 6:53 p.m.80 views

CVE-2021-26345

CVE-2021-26345 is an AMD ASP/firmware vulnerability where failure to validate the APCB value may allow a privileged attacker with physical access to tamper with the APCB token, forcing an out-of-bounds memory read and potentially causing a denial of service. Public details across SUSE OSV entries...

4.9CVSS6.1AI score0.00434EPSS
CVE
CVE
added 2021/11/16 6:8 p.m.79 views

CVE-2021-26335

CVE-2021-26335 concerns the AMD Secure Processor (ASP) boot loader image header. The issue is improper input and range checking, enabling attacker-controlled values before signature validation and potentially allowing arbitrary code execution. In NVD/AMD documentation, the vulnerability is listed...

7.8CVSS8AI score0.00286EPSS
CVE
CVE
added 2021/11/16 6:4 p.m.79 views

CVE-2021-26336

CVE-2021-26336 concerns AMD System Management Unit (SMU) with insufficient bounds checking that can cause invalid memory accesses/updates, leading to an SMU hang and the system may fail to service further requests from other components. Multiple sources confirm the issue under the SMU and referen...

5.5CVSS6.3AI score0.00212EPSS
CVE
CVE
added 2021/06/11 9:50 p.m.77 views

CVE-2020-12988

CVE-2020-12988 affects AMD EPYC platforms (1st–3rd Gen) per AMD-SB-1021. The DoS issue is described as a hang during system reboot in the integrated chipset/AMD platform components (e.g., ASP/SMU/SEV family). Affected products include 1st Gen EPYC (Naples), 2nd Gen (Rome), and 3rd Gen (Milan) CPU...

7.8CVSS7.2AI score0.01038EPSS
CVE
CVE
added 2021/12/10 9:55 p.m.76 views

CVE-2021-26340

CVE-2021-26340 is a published vulnerability affecting AMD SEV/SEV-ES environments. A malicious hypervisor with an unprivileged attacker process inside a guest VM may fail to flush the TLB, causing unexpected VM behavior and potential loss of integrity and confidentiality. Affected products includ...

8.4CVSS8.2AI score0.00239EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.76 views

CVE-2023-20527

CVE-2023-20527 concerns the AMD Secure Processor (ASP) Bootloader. The issue is an improper syscall input validation in the Bootloader, which may allow a privileged attacker to read memory out-of-bounds, potentially causing a denial-of-service. The CVSS v3.1 metrics indicate Network attack vector...

6.5CVSS6.7AI score0.00595EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.75 views

CVE-2023-20533

CVE-2023-20533 is documented in multiple trusted sources as a vulnerability in the AMD SMU/ASP ecosystem: it describes insufficient DRAM address validation in the System Management Unit (SMU), which may allow a DMA attacker to read/write invalid DRAM addresses and could lead to denial of service....

7.5CVSS7.5AI score0.00499EPSS
CVE
CVE
added 2023/05/09 7:0 p.m.74 views

CVE-2021-46756

CVE-2021-46756 describes insufficient validation of inputs in SVC_MAP_USER_STACK in the AMD Secure Processor (ASP) bootloader. A malicious UApp or ABL could send malformed or invalid syscalls to the bootloader, potentially causing a denial of service and loss of integrity. The AMD security bullet...

9.1CVSS9.1AI score0.00645EPSS
CVE
CVE
added 2023/01/10 8:56 p.m.73 views

CVE-2021-26343

CVE-2021-26343 describes insufficient validation in AMD’s ASP BIOS and DRTM commands, potentially allowing malicious supervisor x86 software to disclose memory contents (information disclosure). The vulnerability is linked to the AMD Secure Processor (ASP) and BIOS/DRTM handling, with impact limi...

5.5CVSS6AI score0.00185EPSS
CVE
CVE
added 2023/05/09 6:36 p.m.73 views

CVE-2023-20520

CVE-2023-20520 affects the AMD Secure Processor (ASP) Bootloader. The issue is described as improper access control in the ASP Bootloader which may allow an attacker to corrupt the return address, causing a stack-based buffer overrun and potentially arbitrary code execution. Connected sources ide...

9.8CVSS9.6AI score0.00789EPSS
CVE
CVE
added 2024/08/13 4:53 p.m.71 views

CVE-2023-20591

CVE-2023-20591 : Improper re-initialization of the IOMMU during a DRTM event may allow an untrusted platform configuration to persist, enabling an attacker to read or modify hypervisor memory and potentially compromise confidentiality, integrity, and availability. The vulnerability is discussed i...

10CVSS7.1AI score0.00299EPSS
CVE
CVE
added 2023/05/09 6:36 p.m.70 views

CVE-2021-46763

The CVE-2021-46763 entry concerns AMD components: the AMD Secure Processor (ASP) and AMD System Management Unit (SMU). The root cause is insufficient input validation in the SMU, which may allow a privileged attacker to write beyond the bounds of a shared memory buffer, potentially compromising i...

7.5CVSS7.9AI score0.00494EPSS
CVE
CVE
added 2023/11/14 6:52 p.m.70 views

CVE-2021-46774

CVE-2021-46774 describes insufficient input validation in the AMD ABL, enabling a privileged attacker to perform arbitrary DRAM writes and potentially execute code or escalate privileges. Connected advisories confirm this vulnerability is among issues addressed by AMD/PI firmware updates and kern...

7.5CVSS7.8AI score0.00508EPSS
CVE
CVE
added 2023/09/20 5:27 p.m.70 views

CVE-2023-20594

CVE-2023-20594 concerns the AMD DXE driver. The root cause is improper initialization of variables in the DXE driver, which may allow a privileged local user to leak sensitive information. Impact is information disclosure with local access; attack vector is local. The vulnerability affects AMD DX...

4.4CVSS4.3AI score0.00175EPSS
CVE
CVE
added 2023/05/09 6:58 p.m.69 views

CVE-2021-26356

CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...

7.4CVSS8.4AI score0.00399EPSS
CVE
CVE
added 2023/05/09 6:36 p.m.69 views

CVE-2021-46762

CVE-2021-46762 is an AMD SMU/ASP input-validation vulnerability: insufficient validation in the System Management Unit (SMU) may allow corruption of SMU SRAM, risking integrity or availability. Affected products include AMD ASP/SMU components in AMD Embedded processors; exploitation details are n...

9.1CVSS6.4AI score0.00349EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.69 views

CVE-2023-20531

CVE-2023-20531 affects the AMD System Management Unit (SMU) in AMD EPYC platforms. The root cause is insufficient bound checks in SMU, allowing an attacker to update SRAM between address spaces to an invalid value, which can lead to a denial of service. Connected documents provide concrete detail...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.68 views

CVE-2023-20529

The CVE-2023-20529 issue affects the AMD System Management Unit (SMU) , where insufficient bound checks can allow an attacker to update the sender/receiver address space to an invalid value, potentially causing a denial of service. The vulnerability is tied to SMU/firmware handling and is documen...

7.5CVSS7.5AI score0.00616EPSS
CVE
CVE
added 2023/01/10 8:57 p.m.68 views

CVE-2023-20530

CVE-2023-20530 concerns the AMD System Management Unit (SMU) on AMD EPYC-based platforms. It involves insufficient input validation of BIOS mailbox messages in SMU, which can cause out-of-bounds memory reads and potentially lead to a denial of service. Public sources consistently describe the aff...

7.5CVSS7.6AI score0.00616EPSS
CVE
CVE
added 2021/11/16 6:17 p.m.67 views

CVE-2020-12944

CVE-2020-12944 affects AMD Secure Processor (ASP) firmware, where insufficient validation of BIOS image length could allow arbitrary code execution. AMD documentation (AMD-SB-1027/1021) lists affected platforms across desktop, mobile and server AMD systems and provides mitigations via AGESA PI fi...

7.8CVSS8AI score0.00335EPSS
Total number of security vulnerabilities88