Amd 3Rd Gen Amd Epyc vulnerabilities
28 known vulnerabilities affecting amd/3rd_gen_amd_epyc.
Total CVEs
28
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH17MEDIUM8
Vulnerabilities
Page 2 of 2
CVE-2021-26322HIGHCVSS 7.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2021-26322 [HIGH] CWE-320 CVE-2021-26322: Persistent platform private key may not be protected with a random IV leading to a potential “two ti
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
cvelistv5nvd
CVE-2021-26321MEDIUMCVSS 5.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2021-26321 [MEDIUM] CWE-20 CVE-2021-26321: Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to p
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
cvelistv5nvd
CVE-2021-26320MEDIUMCVSS 5.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2021-26320 [MEDIUM] CWE-295 CVE-2021-26320: Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmwa
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
cvelistv5nvd
CVE-2020-12954MEDIUMCVSS 5.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2020-12954 [MEDIUM] CWE-693 CVE-2020-12954: A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI RO
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
cvelistv5nvd
CVE-2021-26325MEDIUMCVSS 5.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2021-26325 [MEDIUM] CWE-20 CVE-2021-26325: Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort er
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.
cvelistv5nvd
CVE-2021-26330MEDIUMCVSS 5.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2021-26330 [MEDIUM] CWE-122 CVE-2021-26330: AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
cvelistv5nvd
CVE-2021-26327MEDIUMCVSS 5.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2021-26327 [MEDIUM] CWE-20 CVE-2021-26327: Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
cvelistv5nvd
CVE-2021-26329MEDIUMCVSS 5.5≥ unspecified, < MilanPI-SP3_1.0.0.42021-11-16
CVE-2021-26329 [MEDIUM] CWE-130 CVE-2021-26329: AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provid
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
cvelistv5nvd
← Previous2 / 2