Vulnerabilities > AMD > Epyc 7713 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-16 | CVE-2021-26320 | Improper Certificate Validation vulnerability in AMD products Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP | 5.5 |
| 2021-11-16 | CVE-2021-26321 | Command Injection vulnerability in AMD products Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | 5.5 |
| 2021-11-16 | CVE-2021-26323 | Improper Input Validation vulnerability in AMD products Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. | 7.8 |
| 2021-11-16 | CVE-2021-26325 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. | 5.5 |
| 2021-11-16 | CVE-2021-26327 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | 5.5 |
| 2021-11-16 | CVE-2021-26330 | Out-of-bounds Write vulnerability in AMD products AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | 5.5 |
| 2021-11-16 | CVE-2021-26331 | Unspecified vulnerability in AMD products AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. | 7.8 |
| 2021-11-16 | CVE-2021-26335 | Unspecified vulnerability in AMD products Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution. | 7.8 |
| 2021-11-16 | CVE-2021-26336 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | 5.5 |
| 2021-11-16 | CVE-2021-26337 | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | 5.5 |