Epyc 7473x Firmware

epyc_7473x_firmware

Vendor: Amd • 55 CVEs

CVEs (55)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-46756 1Amd 63Epyc 7232p Firmware Epyc 7251 FirmwareEpyc 7252 Firmware+60 more Jan 28, 2025 May 9, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in...Show more Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. Show less
CVE-2023-20524 1Amd 48Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+45 more Jan 28, 2025 May 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.
CVE-2023-20520 1Amd 63Epyc 7232p Firmware Epyc 7251 FirmwareEpyc 7252 Firmware+60 more Jan 28, 2025 May 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
CVE-2022-23818 1Amd 23Epyc 72f3 Firmware Epyc 7313 FirmwareEpyc 7313p Firmware+20 more Jan 28, 2025 May 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity.
CVE-2021-46775 1Amd 48Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+45 more Jan 28, 2025 May 9, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.
CVE-2021-46769 1Amd 48Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+45 more Jan 28, 2025 May 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution.
CVE-2021-46764 1Amd 48Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+45 more Jan 28, 2025 May 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
CVE-2021-46763 1Amd 48Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+45 more Jan 28, 2025 May 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.
CVE-2021-46762 1Amd 48Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+45 more Nov 21, 2024 May 9, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
CVE-2021-26397 1Amd 23Epyc 72f3 Firmware Epyc 7313 FirmwareEpyc 7313p Firmware+20 more Jan 28, 2025 May 9, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability.
CVE-2021-26379 1Amd 48Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+45 more Jan 28, 2025 May 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
CVE-2021-26371 1Amd 128Amd 3015ce Firmware Amd 3015e FirmwareEpyc 7001 Firmware+125 more Jan 28, 2025 May 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVE-2021-26356 1Amd 98Epyc 7001 Firmware Epyc 7002 FirmwareEpyc 7232p Firmware+95 more Jan 28, 2025 May 9, 2023 N/A· v4 7.4 HIGH· v3 N/A· v2 A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVE-2021-26354 1Amd 152Amd 3015ce Firmware Amd 3015e FirmwareEpyc 7002 Firmware+149 more Jan 28, 2025 May 9, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
CVE-2021-26404 1Amd 23Epyc 7003 Firmware Epyc 7313 FirmwareEpyc 7313p Firmware+20 more Apr 8, 2025 Jan 11, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
CVE-2022-23824 3Amd FedoraprojectXen 169A10 9600p Firmware A10 9630p FirmwareA12 9700p Firmware+166 more Nov 21, 2024 Nov 9, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVE-2021-46778 1Amd 179Athlon 3050ge Firmware Athlon 3150g FirmwareAthlon 3150ge Firmware+176 more Nov 21, 2024 Aug 10, 2022 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the content...Show more Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.Show less
CVE-2021-26388 1Amd 106Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+103 more Nov 21, 2024 May 11, 2022 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
CVE-2021-26378 1Amd 83Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+80 more Nov 21, 2024 May 11, 2022 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
CVE-2021-26376 1Amd 83Epyc 7232p Firmware Epyc 7252 FirmwareEpyc 7262 Firmware+80 more Nov 21, 2024 May 11, 2022 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.

Previous 123 Next