Advanced Micro Devices (AMD) EPYC 7743 Firmware MilanPI-SP3 1.0.0.9

CPE Details

Advanced Micro Devices (AMD) EPYC 7743 Firmware MilanPI-SP3 1.0.0.9
amd
epyc_7743_firmware
milanpi-sp3_1.0.0.9
2023-01-17
17h32 +00:00
2023-01-25
05h04 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:amd:epyc_7743_firmware:milanpi-sp3_1.0.0.9:*:*:*:*:*:*:*

Informations

Vendor

amd

Product

epyc_7743_firmware

Version

milanpi-sp3_1.0.0.9

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-20532 2023-01-10 20h57 +00:00 Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
5.3
Medium
CVE-2023-20531 2023-01-10 20h57 +00:00 Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
7.5
High
CVE-2023-20530 2023-01-10 20h57 +00:00 Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
7.5
High
CVE-2023-20529 2023-01-10 20h57 +00:00 Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
7.5
High
CVE-2023-20528 2023-01-10 20h57 +00:00 Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
2.4
Low
CVE-2023-20527 2023-01-10 20h57 +00:00 Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
6.5
Medium
CVE-2023-20525 2023-01-10 20h57 +00:00 Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
6.5
Medium
CVE-2023-20523 2023-01-10 20h56 +00:00 TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
5.7
Medium
CVE-2021-26402 2023-01-10 20h56 +00:00 Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.
7.1
High
CVE-2021-26398 2023-01-10 20h56 +00:00 Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
7.8
High
CVE-2021-26343 2023-01-10 20h56 +00:00 Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
5.5
Medium
CVE-2021-26328 2023-01-10 20h56 +00:00 Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
4.4
Medium