CVE-2020-12944: Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

Affected

59 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	athlon_series	—	—
amd	epyc_7232p_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7251_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_7252_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7261_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_7262_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7272_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7281_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_7282_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_72f3_firmware	< milanpi-sp3_1.0.0.4	milanpi-sp3_1.0.0.4
amd	epyc_7301_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_7302_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7302p_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7313_firmware	< milanpi-sp3_1.0.0.4	milanpi-sp3_1.0.0.4
amd	epyc_7313p_firmware	< milanpi-sp3_1.0.0.4	milanpi-sp3_1.0.0.4
amd	epyc_7343_firmware	< milanpi-sp3_1.0.0.4	milanpi-sp3_1.0.0.4
amd	epyc_7351_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_7351p_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_7352_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7371_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_73f3_firmware	< milanpi-sp3_1.0.0.4	milanpi-sp3_1.0.0.4
amd	epyc_7401_firmware	< naplespi-sp3_1.0.0.g	naplespi-sp3_1.0.0.g
amd	epyc_7402_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7402p_firmware	< romepi-sp3_1.0.0.c	romepi-sp3_1.0.0.c
amd	epyc_7413_firmware	< milanpi-sp3_1.0.0.4	milanpi-sp3_1.0.0.4