Amd 3Rd Gen Epyc vulnerabilities

26 known vulnerabilities affecting amd/3rd_gen_epyc.

Total CVEs
26
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH11MEDIUM14LOW1

Vulnerabilities

Page 2 of 2
CVE-2022-23813MEDIUMCVSS 5.3vvarious 2023-01-11
CVE-2022-23813 [MEDIUM] CWE-119 CVE-2022-23813: The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.
cvelistv5nvd
CVE-2023-20523MEDIUMCVSS 5.7vvarious 2023-01-11
CVE-2023-20523 [MEDIUM] CWE-367 CVE-2023-20523: TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leadi TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
cvelistv5nvd
CVE-2021-26343MEDIUMCVSS 5.5vvarious 2023-01-11
CVE-2021-26343 [MEDIUM] CWE-668 CVE-2021-26343: Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
cvelistv5nvd
CVE-2023-20528LOWCVSS 2.4vvarious 2023-01-11
CVE-2023-20528 [LOW] CWE-20 CVE-2023-20528: Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory cont Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
cvelistv5nvd
CVE-2021-26353HIGHCVSS 7.8vvarious2022-05-10
CVE-2021-26353 [HIGH] CWE-665 CVE-2021-26353: Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRT Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.
cvelistv5nvd
CVE-2021-39298HIGHCVSS 8.8vvarious2022-02-16
CVE-2021-39298 [HIGH] CVE-2021-39298: A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacke A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
cvelistv5nvd
← Previous2 / 2