Vulnerabilities > AMD > Epyc 72F3 Firmware > milanpi.sp3.1.0.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2021-26402 | Out-of-bounds Write vulnerability in AMD products Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability. | 7.1 |
| 2023-01-11 | CVE-2023-20523 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. | 5.7 |
| 2023-01-11 | CVE-2023-20525 | Improper Input Validation vulnerability in AMD products Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | 6.5 |
| 2023-01-11 | CVE-2023-20527 | Improper Input Validation vulnerability in AMD products Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | 6.5 |
| 2023-01-11 | CVE-2023-20528 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | 2.4 |
| 2023-01-11 | CVE-2023-20529 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. | 7.5 |
| 2023-01-11 | CVE-2023-20530 | Improper Input Validation vulnerability in AMD products Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | 7.5 |
| 2023-01-11 | CVE-2023-20531 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. | 7.5 |
| 2023-01-11 | CVE-2023-20532 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. | 5.3 |
| 2022-05-11 | CVE-2021-26339 | Unspecified vulnerability in AMD products A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. | 4.9 |