Vulnerabilities > AMD > Epyc 7401P Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2021-26406 Unspecified vulnerability in AMD products
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
network
low complexity
amd
7.5
2023-05-09 CVE-2023-20520 Out-of-bounds Write vulnerability in AMD products
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
network
low complexity
amd CWE-787
critical
9.8
2023-01-11 CVE-2021-26398 Out-of-bounds Write vulnerability in AMD products
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
local
low complexity
amd CWE-787
7.8
2023-01-11 CVE-2021-26403 Unspecified vulnerability in AMD products
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
local
low complexity
amd
6.5
2023-01-11 CVE-2023-20527 Improper Input Validation vulnerability in AMD products
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
network
low complexity
amd CWE-20
6.5
2022-11-09 CVE-2022-23824 IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
local
low complexity
xen amd fedoraproject
5.5
2022-08-10 CVE-2021-46778 Information Exposure Through Discrepancy vulnerability in AMD products
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT).
local
high complexity
amd CWE-203
5.6
2022-07-14 CVE-2022-23825 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
local
low complexity
debian fedoraproject amd vmware CWE-668
6.5
2022-07-12 CVE-2022-29900 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
local
low complexity
xen debian fedoraproject amd CWE-212
6.5
2022-06-15 CVE-2022-23823 Information Exposure Through Discrepancy vulnerability in AMD products
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
network
low complexity
amd CWE-203
6.5