Vulnerabilities > AMD > Epyc 7502P Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2021-26354 Classic Buffer Overflow vulnerability in AMD products
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
local
low complexity
amd CWE-120
5.5
2023-05-09 CVE-2021-26371 Unspecified vulnerability in AMD products
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
local
low complexity
amd
5.5
2023-05-09 CVE-2021-26379 Unspecified vulnerability in AMD products
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
network
low complexity
amd
critical
9.8
2023-05-09 CVE-2021-26406 Unspecified vulnerability in AMD products
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
network
low complexity
amd
7.5
2023-05-09 CVE-2021-46762 Improper Input Validation vulnerability in AMD products
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
network
low complexity
amd CWE-20
critical
9.1
2023-05-09 CVE-2021-46763 Out-of-bounds Write vulnerability in AMD products
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.
network
low complexity
amd CWE-787
7.5
2023-05-09 CVE-2021-46764 Out-of-bounds Write vulnerability in AMD products
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
network
low complexity
amd CWE-787
7.5
2023-05-09 CVE-2021-46769 Improper Input Validation vulnerability in AMD products
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution.
network
low complexity
amd CWE-20
8.8
2023-05-09 CVE-2021-46775 Improper Input Validation vulnerability in AMD products
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.
low complexity
amd CWE-20
6.8
2023-05-09 CVE-2023-20520 Out-of-bounds Write vulnerability in AMD products
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
network
low complexity
amd CWE-787
critical
9.8