Vulnerabilities > AMD > Epyc 7343 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-11 CVE-2021-26404 Improper Input Validation vulnerability in AMD products
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
local
low complexity
amd CWE-20
5.5
2023-01-11 CVE-2023-20523 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products
TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
high complexity
amd CWE-367
5.7
2023-01-11 CVE-2023-20525 Improper Input Validation vulnerability in AMD products
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
network
low complexity
amd CWE-20
6.5
2023-01-11 CVE-2023-20527 Improper Input Validation vulnerability in AMD products
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
network
low complexity
amd CWE-20
6.5
2023-01-11 CVE-2023-20532 Improper Input Validation vulnerability in AMD products
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
network
low complexity
amd CWE-20
5.3
2022-11-09 CVE-2022-23824 IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
local
low complexity
xen amd fedoraproject
5.5
2022-08-10 CVE-2021-46778 Information Exposure Through Discrepancy vulnerability in AMD products
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT).
local
high complexity
amd CWE-203
5.6
2022-05-11 CVE-2021-26339 Unspecified vulnerability in AMD products
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service.
local
low complexity
amd
5.5
2022-05-11 CVE-2021-26347 Improper Validation of Specified Quantity in Input vulnerability in AMD products
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
local
high complexity
amd CWE-1284
4.7
2022-05-11 CVE-2021-26348 Unspecified vulnerability in AMD products
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
local
low complexity
amd
5.5