Epyc 7H12 Firmware
CVE-2023-20529
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
AnalysisAI
Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. Affected products include: Amd Epyc 7H12 Firmware, Amd Epyc 7F72 Firmware, Amd Epyc 7F52 Firmware, Amd Epyc 7F32 Firmware, Amd Epyc 7742 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
More in Epyc 7H12 Firmware
View allImproper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-b
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access s
A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out
Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value
Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control table
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. Rate
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervis
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, po
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the b
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to in
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today