Vulnerabilities > AMD > Epyc 7452 Firmware > romepi.1.0.0.d
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2023-20578 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | 6.4 |
| 2023-11-14 | CVE-2021-26345 | Out-of-bounds Read vulnerability in AMD products Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. | 4.9 |
| 2023-11-14 | CVE-2021-46774 | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 7.5 |
| 2023-05-09 | CVE-2021-26379 | Unspecified vulnerability in AMD products Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | 9.8 |
| 2023-05-09 | CVE-2023-20520 | Out-of-bounds Write vulnerability in AMD products Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | 9.8 |
| 2023-01-11 | CVE-2023-20525 | Improper Input Validation vulnerability in AMD products Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | 6.5 |