Vulnerabilities > AMD > Epyc 7H12 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2020-12966 | Information Exposure vulnerability in AMD products AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). | 5.5 |
| 2021-12-10 | CVE-2021-26340 | Unspecified vulnerability in AMD products A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | 3.6 |
| 2021-11-16 | CVE-2020-12944 | Improper Input Validation vulnerability in AMD products Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. | 7.8 |
| 2021-11-16 | CVE-2020-12946 | Improper Input Validation vulnerability in AMD products Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. | 6.6 |
| 2021-11-16 | CVE-2021-26320 | Improper Certificate Validation vulnerability in AMD products Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP | 2.1 |
| 2021-11-16 | CVE-2021-26321 | Command Injection vulnerability in AMD products Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | 4.9 |
| 2021-11-16 | CVE-2021-26312 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | 2.1 |
| 2021-11-16 | CVE-2021-26322 | Use of Insufficiently Random Values vulnerability in AMD products Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. | 7.5 |
| 2021-11-16 | CVE-2021-26329 | Integer Overflow or Wraparound vulnerability in AMD products AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. | 2.1 |
| 2021-11-16 | CVE-2021-26338 | Unspecified vulnerability in AMD products Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. | 7.5 |