Epyc 8024p Firmware Security Vulnerabilities and Issues — Epyc 8024p Firmware CVE List

Lucene search

AmdEpyc 8024p Firmware

13 matches found

CVE•added 2024/02/13 8:15 p.m.•149 views

CVE-2023-31346

Failure to initializememory in SEV Firmware may allow a privileged attacker to access stale datafrom other guests.

6CVSS6.5AI score0.0004EPSS

CVE•added 2024/02/13 8:15 p.m.•81 views

CVE-2023-31347

Due to a code bug inSecure_TSC, SEV firmware may allow an attacker with high privileges to cause aguest to observe an incorrect TSC when Secure TSC is enabled potentiallyresulting in a loss of guest integrity.

4.9CVSS6.8AI score0.00037EPSS

CVE•added 2024/08/13 5:15 p.m.•77 views

CVE-2023-20584

IOMMU improperly handles certain special addressranges with invalid device table entries (DTEs), which may allow an attackerwith privileges and a compromised Hypervisor toinduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to aloss of guest integrity.

6CVSS7.2AI score0.00033EPSS

CVE•added 2024/01/11 2:15 p.m.•68 views

CVE-2023-20573

A privileged attackercan prevent delivery of debug exceptions to SEV-SNP guests potentiallyresulting in guests not receiving expected debug information.

3.2CVSS4AI score0.00093EPSS

CVE•added 2023/11/14 7:15 p.m.•59 views

CVE-2021-26345

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

4.9CVSS6.1AI score0.00027EPSS

CVE•added 2023/11/14 7:15 p.m.•57 views

CVE-2021-46774

Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.

7.5CVSS7.8AI score0.00022EPSS

CVE•added 2023/11/14 7:15 p.m.•51 views

CVE-2022-23830

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

5.3CVSS6.3AI score0.00072EPSS

CVE•added 2023/11/14 7:15 p.m.•48 views

CVE-2023-20566

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.

7.5CVSS7.1AI score0.00049EPSS

CVE•added 2024/08/13 5:15 p.m.•48 views

CVE-2023-20591

Improper re-initialization of IOMMU during the DRTM eventmay permit an untrusted platform configuration to persist, allowing an attackerto read or modify hypervisor memory, potentially resulting in loss ofconfidentiality, integrity, and availability.

10CVSS7.1AI score0.00207EPSS

CVE•added 2024/08/13 5:15 p.m.•41 views

CVE-2023-20578

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allowan attacker with ring0 privileges and access to theBIOS menu or UEFI shell to modify the communications buffer potentiallyresulting in arbitrary code execution.

7.5CVSS7.8AI score0.00022EPSS

CVE•added 2024/08/05 4:15 p.m.•41 views

CVE-2024-21978

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

7.9CVSS7AI score0.01199EPSS

CVE•added 2024/08/05 4:15 p.m.•35 views

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.

6CVSS7.2AI score0.00934EPSS

CVE•added 2024/08/05 4:15 p.m.•32 views

CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

7.9CVSS7.2AI score0.00934EPSS