Advanced Micro Devices (AMD) EPYC 7452 Firmware RomePI 1.0.0.C

CPE Details

Advanced Micro Devices (AMD) EPYC 7452 Firmware RomePI 1.0.0.C
amd
epyc_7452_firmware
romepi_1.0.0.c
2023-01-17
16h07 +00:00
2023-01-25
05h04 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:amd:epyc_7452_firmware:romepi_1.0.0.c:*:*:*:*:*:*:*

Informations

Vendor

amd

Product

epyc_7452_firmware

Version

romepi_1.0.0.c

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-20578 2024-08-13 16h52 +00:00 A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
7.5
High
CVE-2021-26345 2023-11-14 18h53 +00:00 Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
4.9
Medium
CVE-2023-20533 2023-11-14 18h52 +00:00 Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
7.5
High
CVE-2023-20526 2023-11-14 18h52 +00:00 Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
4.6
Medium
CVE-2023-20521 2023-11-14 18h52 +00:00 TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
5.7
Medium
CVE-2021-46774 2023-11-14 18h52 +00:00 Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
7.5
High
CVE-2021-26371 2023-05-09 18h59 +00:00 A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
5.5
Medium
CVE-2021-26356 2023-05-09 18h58 +00:00 A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
7.4
High
CVE-2021-26354 2023-05-09 18h58 +00:00 Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
5.5
Medium
CVE-2023-20524 2023-05-09 18h36 +00:00 An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.
7.5
High
CVE-2021-26379 2023-05-09 18h36 +00:00 Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
9.8
Critical
CVE-2023-20525 2023-01-10 20h57 +00:00 Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
6.5
Medium
CVE-2021-26316 2023-01-10 19h46 +00:00 Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
7.8
High