AMD EPYC 7002 Firmware vulnerabilities

26 known vulnerabilities affecting amd/epyc_7002_firmware.

Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 13, MEDIUM 12, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2020-12951 | HIGH | CVSS 7.0 | fixed in romepi-sp3_1.0.0.c | 2021-11-16
CVE-2020-12951 [HIGH] CWE-362: Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
nvd
CVE-2020-12954 | MEDIUM | CVSS 5.5 | fixed in romepi-sp3_1.0.0.c | 2021-11-16
CVE-2020-12954 [MEDIUM] CWE-693: A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
nvd
CVE-2021-26337 | MEDIUM | CVSS 5.5 | fixed in romepi-sp3_1.0.0.c | 2021-11-16
CVE-2021-26337 [MEDIUM]: Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
nvd
CVE-2021-26330 | MEDIUM | CVSS 5.5 | fixed in romepi-sp3_1.0.0.c | 2021-11-16
CVE-2021-26330 [MEDIUM] CWE-122: AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
nvd
CVE-2021-26336 | MEDIUM | CVSS 5.5 | fixed in romepi-sp3_1.0.0.c | 2021-11-16
CVE-2021-26336 [MEDIUM] CWE-119: Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
nvd
CVE-2020-12988 | HIGH | CVSS 7.5 | fixed in romepi-sp3_1.0.0.c | 2021-06-11
CVE-2020-12988 [HIGH]: A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted.
nvd