Vulnerabilities > AMD > Epyc 7313 Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-16 | CVE-2021-26327 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | 5.5 |
2021-11-16 | CVE-2021-26330 | Out-of-bounds Write vulnerability in AMD products AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | 5.5 |
2021-11-16 | CVE-2021-26331 | Unspecified vulnerability in AMD products AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. | 7.8 |
2021-11-16 | CVE-2021-26335 | Unspecified vulnerability in AMD products Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution. | 7.8 |
2021-11-16 | CVE-2021-26336 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | 5.5 |
2021-11-16 | CVE-2021-26337 | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | 5.5 |
2021-11-16 | CVE-2021-26312 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | 5.5 |
2021-11-16 | CVE-2021-26322 | Use of Insufficiently Random Values vulnerability in AMD products Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. | 7.5 |
2021-11-16 | CVE-2021-26326 | Improper Initialization vulnerability in AMD products Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. | 7.8 |
2021-11-16 | CVE-2021-26329 | Integer Overflow or Wraparound vulnerability in AMD products AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. | 5.5 |