Vulnerabilities > AMD > Epyc 7513 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2021-26344 Out-of-bounds Write vulnerability in AMD products
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
local
low complexity
amd CWE-787
8.2
2024-08-05 CVE-2024-21978 Unspecified vulnerability in AMD products
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
local
low complexity
amd
7.9
2024-08-05 CVE-2024-21980 Out-of-bounds Write vulnerability in AMD products
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
local
low complexity
amd CWE-787
7.9
2023-11-14 CVE-2021-46774 Unspecified vulnerability in AMD products
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
network
low complexity
amd
7.5
2023-11-14 CVE-2023-20533 Unspecified vulnerability in AMD products
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
network
low complexity
amd
7.5
2023-11-14 CVE-2023-20566 Unspecified vulnerability in AMD products
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
network
low complexity
amd
7.5
2023-05-09 CVE-2021-26356 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
network
high complexity
amd CWE-367
7.4
2023-05-09 CVE-2021-26397 Unspecified vulnerability in AMD products
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability.
local
low complexity
amd
7.1
2023-05-09 CVE-2021-46763 Out-of-bounds Write vulnerability in AMD products
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.
network
low complexity
amd CWE-787
7.5
2023-05-09 CVE-2021-46764 Out-of-bounds Write vulnerability in AMD products
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
network
low complexity
amd CWE-787
7.5