Vulnerabilities > AMD > Epyc 7643 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-11 | CVE-2021-26364 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26372 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26373 | Improper Input Validation vulnerability in AMD products Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26375 | Unspecified vulnerability in AMD products Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26376 | Unspecified vulnerability in AMD products Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26378 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-26388 | Out-of-bounds Read vulnerability in AMD products Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | 5.5 |
| 2022-05-11 | CVE-2021-46744 | Information Exposure Through Discrepancy vulnerability in AMD products An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | 6.5 |
| 2022-02-04 | CVE-2020-12966 | Information Exposure vulnerability in AMD products AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). | 5.5 |
| 2021-11-16 | CVE-2020-12954 | Unspecified vulnerability in AMD products A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification. | 5.5 |