Vulnerabilities > AMD > Epyc 7443 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2020-12966 | Information Exposure vulnerability in AMD products AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). | 5.5 |
| 2021-11-16 | CVE-2020-12954 | Unspecified vulnerability in AMD products A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification. | 5.5 |
| 2021-11-16 | CVE-2021-26320 | Improper Certificate Validation vulnerability in AMD products Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP | 5.5 |
| 2021-11-16 | CVE-2021-26321 | Command Injection vulnerability in AMD products Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | 5.5 |
| 2021-11-16 | CVE-2021-26325 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. | 5.5 |
| 2021-11-16 | CVE-2021-26327 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | 5.5 |
| 2021-11-16 | CVE-2021-26330 | Out-of-bounds Write vulnerability in AMD products AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | 5.5 |
| 2021-11-16 | CVE-2021-26336 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | 5.5 |
| 2021-11-16 | CVE-2021-26337 | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | 5.5 |
| 2021-11-16 | CVE-2021-26312 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | 5.5 |