Amd Epyc 7373X Firmware vulnerabilities

67 known vulnerabilities affecting amd/epyc_7373x_firmware.

Total CVEs
67
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH24MEDIUM36LOW2

Vulnerabilities

Page 4 of 4
CVE-2021-26375MEDIUMCVSS 5.5fixed in milanpi-sp3_1.0.0.72022-05-11
CVE-2021-26375 [MEDIUM] CVE-2021-26375: Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in ac Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
nvd
CVE-2021-26342LOWCVSS 3.3fixed in milanpi-sp3_1.0.0.72022-05-11
CVE-2021-26342 [LOW] CVE-2021-26342: In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a parti In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV
nvd
CVE-2021-26324HIGHCVSS 7.8fixed in milanpi-sp3_1.0.0.42022-05-10
CVE-2021-26324 [HIGH] CVE-2021-26324: A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.
nvd
CVE-2021-46771HIGHCVSS 7.8fixed in milanpi-sp3_1.0.0.42022-05-10
CVE-2021-46771 [HIGH] CWE-20 CVE-2021-46771: Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentia Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.
nvd
CVE-2021-26353HIGHCVSS 7.8fixed in milanpi-sp3_1.0.0.42022-05-10
CVE-2021-26353 [HIGH] CWE-665 CVE-2021-26353: Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRT Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.
nvd
CVE-2021-26332HIGHCVSS 7.1fixed in milanpi-sp3_1.0.0.42022-05-10
CVE-2021-26332 [HIGH] CVE-2021-26332: Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of int Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability.
nvd
CVE-2021-26370HIGHCVSS 7.1fixed in milanpi-sp3_1.0.0.42022-05-10
CVE-2021-26370 [HIGH] CWE-20 CVE-2021-26370: Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_A Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.
nvd
← Previous4 / 4