Amd Epyc Embedded 3000 Series Processors vulnerabilities

CVE-2025-52533 [HIGH] CWE-1191 CVE-2025-52533: Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.

CVE-2024-36349 [LOW] CWE-1420 CVE-2024-36349: A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

CVE-2021-26344 [HIGH] CWE-787 CVE-2021-26344: An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

CVE-2021-46746 [MEDIUM] CWE-120 CVE-2021-46746: Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.

CVE-2024-21981 [MEDIUM] CWE-639 CVE-2024-21981: Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

CVE-2021-26387 [LOW] CWE-863 CVE-2021-26387: Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signin Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.