Vulnerabilities > AMD > Epyc 7313 Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-11-16 CVE-2020-12944 Improper Input Validation vulnerability in AMD products
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
local
low complexity
amd CWE-20
7.8
2021-11-16 CVE-2020-12946 Improper Input Validation vulnerability in AMD products
Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.
local
low complexity
amd CWE-20
7.1
2021-11-16 CVE-2020-12951 Race Condition vulnerability in AMD products
Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
local
high complexity
amd CWE-362
7.0
2021-11-16 CVE-2020-12954 Unspecified vulnerability in AMD products
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
local
low complexity
amd
5.5
2021-11-16 CVE-2020-12961 Unspecified vulnerability in AMD products
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
local
low complexity
amd
7.8
2021-11-16 CVE-2021-26315 Insufficient Verification of Data Authenticity vulnerability in AMD products
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.
local
low complexity
amd CWE-345
7.8
2021-11-16 CVE-2021-26320 Improper Certificate Validation vulnerability in AMD products
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
local
low complexity
amd CWE-295
5.5
2021-11-16 CVE-2021-26321 Command Injection vulnerability in AMD products
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
local
low complexity
amd CWE-77
5.5
2021-11-16 CVE-2021-26323 Improper Input Validation vulnerability in AMD products
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.
local
low complexity
amd CWE-20
7.8
2021-11-16 CVE-2021-26325 Improper Input Validation vulnerability in AMD products
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.
local
low complexity
amd CWE-20
5.5