Vulnerabilities > AMD > Epyc 7643 Firmware > milanpi.1.0.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2021-26371 | Unspecified vulnerability in AMD products A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | 5.5 |
| 2023-05-09 | CVE-2021-26379 | Unspecified vulnerability in AMD products Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | 9.8 |
| 2023-05-09 | CVE-2021-26397 | Unspecified vulnerability in AMD products Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. | 7.1 |
| 2023-01-11 | CVE-2021-26328 | Unspecified vulnerability in AMD products Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests. | 4.4 |
| 2023-01-11 | CVE-2021-26398 | Out-of-bounds Write vulnerability in AMD products Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. | 7.8 |
| 2023-01-11 | CVE-2021-26402 | Out-of-bounds Write vulnerability in AMD products Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability. | 7.1 |
| 2023-01-11 | CVE-2023-20523 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. | 5.7 |
| 2023-01-11 | CVE-2023-20525 | Improper Input Validation vulnerability in AMD products Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | 6.5 |
| 2023-01-11 | CVE-2023-20527 | Improper Input Validation vulnerability in AMD products Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | 6.5 |
| 2023-01-11 | CVE-2023-20528 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | 2.4 |