Vulnerabilities > AMD > Epyc 73F3 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-20566 Unspecified vulnerability in AMD products
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
network
low complexity
amd
7.5
2023-11-14 CVE-2023-20592 Unspecified vulnerability in AMD products
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
network
low complexity
amd
6.5
2023-09-20 CVE-2023-20594 Improper Initialization vulnerability in AMD products
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
local
low complexity
amd CWE-665
4.4
2023-08-08 CVE-2023-20569 Information Exposure Through Discrepancy vulnerability in multiple products
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction.
local
high complexity
fedoraproject debian amd microsoft CWE-203
4.7
2023-07-11 CVE-2023-20575 Information Exposure Through Discrepancy vulnerability in AMD products
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
network
low complexity
amd CWE-203
6.5
2023-05-09 CVE-2021-46756 Improper Input Validation vulnerability in AMD products
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.
network
low complexity
amd CWE-20
critical
9.1
2023-05-09 CVE-2021-26354 Classic Buffer Overflow vulnerability in AMD products
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
local
low complexity
amd CWE-120
5.5
2023-05-09 CVE-2021-26371 Unspecified vulnerability in AMD products
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
local
low complexity
amd
5.5
2023-05-09 CVE-2021-26379 Unspecified vulnerability in AMD products
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
network
low complexity
amd
critical
9.8
2023-05-09 CVE-2021-26397 Unspecified vulnerability in AMD products
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability.
local
low complexity
amd
7.1