Vulnerabilities > AMD > Epyc 7451 Firmware > naplespi.1.0.0.h

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2023-20578 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
local
high complexity
amd CWE-367
6.4
2023-11-14 CVE-2021-46774 Unspecified vulnerability in AMD products
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
network
low complexity
amd
7.5
2023-05-09 CVE-2023-20520 Out-of-bounds Write vulnerability in AMD products
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
network
low complexity
amd CWE-787
critical
9.8