Skip to main content

Epyc 7002 Firmware

16 CVEs product

Monthly

CVE-2023-20532 MEDIUM This Month

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-20531 HIGH This Week

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware +47
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20529 HIGH This Week

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware +47
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20528 LOW Monitor

Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2023-20527 MEDIUM This Month

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +60
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20525 MEDIUM This Month

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20523 MEDIUM This Month

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2022-23824 MEDIUM PATCH This Month

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +165
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-23825 MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Fedora Athlon X4 750 Firmware +123
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29900 MEDIUM This Month

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Debian Linux Fedora Xen Athlon X4 750 Firmware +122
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2022-23823 MEDIUM This Month

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +139
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-26337 MEDIUM This Month

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7003 Firmware Epyc 7002 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +108
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-26336 MEDIUM This Month

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7003 Firmware Epyc 7002 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +91
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-26335 HIGH This Week

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware Epyc 7002 Firmware Epyc 7001 Firmware +55
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26331 HIGH This Week

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware Epyc 7002 Firmware Epyc 7001 Firmware +55
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26330 MEDIUM This Month

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Amd Epyc 7003 Firmware Epyc 7002 Firmware +56
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 1% CVSS 5.3
MEDIUM This Month

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware +48
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Epyc 7H12 Firmware +49
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Epyc 7H12 Firmware +49
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7H12 Firmware Epyc 7F72 Firmware +48
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7H12 Firmware Epyc 7F72 Firmware +62
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware +48
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware +48
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Athlon X4 750 Firmware +167
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +125
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Debian Linux Fedora +124
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware +141
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7003 Firmware Epyc 7002 Firmware +110
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7003 Firmware Epyc 7002 Firmware +93
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware +57
NVD
EPSS 0% CVSS 7.8
HIGH This Week

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware +57
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Amd +58
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy