Epyc 7261 Firmware Security Vulnerabilities and Issues — Epyc 7261 Firmware CVE List

Lucene search

AmdEpyc 7261 Firmware

13 matches found

CVE•added 2023/08/08 6:15 p.m.•328 views

CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

5.5CVSS6.9AI score0.03997EPSS

CVE•added 2023/11/14 7:15 p.m.•119 views

CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

6.5CVSS6.5AI score0.0036EPSS

CVE•added 2023/05/09 7:15 p.m.•65 views

CVE-2021-26371

A compromised or malicious ABL or UApp couldsend a SHA256 system call to the bootloader, which may result in exposure ofASP memory to userspace, potentially leading to information disclosure.

5.5CVSS7.1AI score0.00061EPSS

CVE•added 2023/01/11 8:15 a.m.•65 views

CVE-2021-26398

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

7.8CVSS7.9AI score0.00049EPSS

CVE•added 2023/11/14 7:15 p.m.•60 views

CVE-2023-20521

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

5.7CVSS6.1AI score0.00037EPSS

CVE•added 2023/11/14 7:15 p.m.•57 views

CVE-2021-46774

Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.

7.5CVSS7.8AI score0.00022EPSS

CVE•added 2023/05/09 8:15 p.m.•55 views

CVE-2021-46756

Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.

9.1CVSS9.1AI score0.00115EPSS

CVE•added 2023/01/11 8:15 a.m.•55 views

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.

6.5CVSS6.7AI score0.0011EPSS

CVE•added 2023/05/09 7:15 p.m.•53 views

CVE-2023-20520

Improper access control settings in ASPBootloader may allow an attacker to corrupt the return address causing astack-based buffer overrun potentially leading to arbitrary code execution.

9.8CVSS9.6AI score0.00312EPSS

CVE•added 2023/05/09 7:15 p.m.•52 views

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attackerto tamper with the SPI ROM following data read to memory potentially resultingin S3 data corruption and information disclosure.

7.4CVSS8.4AI score0.00135EPSS

CVE•added 2023/01/11 8:15 a.m.•51 views

CVE-2021-26403

Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.

6.5CVSS6.9AI score0.00056EPSS

CVE•added 2023/05/09 7:15 p.m.•51 views

CVE-2021-26406

Insufficient validation in parsing Owner'sCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)and SEV-ES user application can lead to a host crash potentially resulting indenial of service.

7.5CVSS8.4AI score0.00146EPSS

CVE•added 2023/11/14 7:15 p.m.•47 views

CVE-2023-20526

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.

4.6CVSS5.9AI score0.0004EPSS