Vulnerabilities > AMD

DATE CVE VULNERABILITY TITLE RISK
2021-11-16 CVE-2021-26320 Improper Certificate Validation vulnerability in AMD products
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
local
low complexity
amd CWE-295
2.1
2021-11-16 CVE-2021-26321 Command Injection vulnerability in AMD products
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
local
low complexity
amd CWE-77
4.9
2021-11-16 CVE-2021-26323 Improper Input Validation vulnerability in AMD products
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.
local
low complexity
amd CWE-20
4.6
2021-11-16 CVE-2021-26325 Improper Input Validation vulnerability in AMD products
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.
local
low complexity
amd CWE-20
2.1
2021-11-16 CVE-2021-26327 Exposure of Resource to Wrong Sphere vulnerability in AMD products
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
local
low complexity
amd CWE-668
2.1
2021-11-16 CVE-2021-26330 Out-of-bounds Write vulnerability in AMD products
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
local
low complexity
amd CWE-787
2.1
2021-11-16 CVE-2021-26331 Unspecified vulnerability in AMD products
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
local
low complexity
amd
7.2
2021-11-16 CVE-2021-26335 Unspecified vulnerability in AMD products
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution.
local
low complexity
amd
7.2
2021-11-16 CVE-2021-26336 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
local
low complexity
amd CWE-119
5.5
2021-11-16 CVE-2021-26337 Unspecified vulnerability in AMD products
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
local
low complexity
amd
2.1