Vulnerabilities > AMD > Epyc 7302 Firmware > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2023-20528 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | 2.4 |
| 2022-05-11 | CVE-2021-26350 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service. | 1.9 |
| 2022-03-11 | CVE-2021-26401 | Unspecified vulnerability in AMD products LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. local amd | 1.9 |
| 2021-12-10 | CVE-2021-26340 | Unspecified vulnerability in AMD products A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | 3.6 |
| 2021-11-16 | CVE-2021-26337 | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | 2.1 |
| 2021-11-16 | CVE-2021-26330 | Out-of-bounds Write vulnerability in AMD products AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | 2.1 |
| 2021-11-16 | CVE-2021-26320 | Improper Certificate Validation vulnerability in AMD products Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP | 2.1 |
| 2021-11-16 | CVE-2020-12954 | Unspecified vulnerability in AMD products A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification. | 2.1 |
| 2021-11-16 | CVE-2021-26329 | Integer Overflow or Wraparound vulnerability in AMD products AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. | 2.1 |
| 2021-11-16 | CVE-2021-26312 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | 2.1 |