Vulnerabilities > AMD > Epyc 7371 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-11 CVE-2021-46744 Information Exposure Through Discrepancy vulnerability in AMD products
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.
local
low complexity
amd CWE-203
6.5
2022-03-11 CVE-2021-26341 Improper Cross-boundary Removal of Sensitive Data vulnerability in AMD products
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
local
low complexity
amd CWE-212
6.5
2022-03-11 CVE-2021-26401 Unspecified vulnerability in AMD products
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
local
high complexity
amd
5.6
2022-02-04 CVE-2020-12966 Information Exposure vulnerability in AMD products
AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
local
low complexity
amd CWE-200
5.5
2021-12-10 CVE-2021-26340 Unspecified vulnerability in AMD products
A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM).
local
low complexity
amd
8.4
2021-11-16 CVE-2020-12944 Improper Input Validation vulnerability in AMD products
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
local
low complexity
amd CWE-20
7.8
2021-11-16 CVE-2021-26320 Improper Certificate Validation vulnerability in AMD products
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
local
low complexity
amd CWE-295
5.5
2021-11-16 CVE-2021-26321 Command Injection vulnerability in AMD products
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
local
low complexity
amd CWE-77
5.5
2021-11-16 CVE-2021-26312 Exposure of Resource to Wrong Sphere vulnerability in AMD products
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
local
low complexity
amd CWE-668
5.5
2021-11-16 CVE-2021-26322 Use of Insufficiently Random Values vulnerability in AMD products
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
network
low complexity
amd CWE-330
7.5