CPE Details
Advanced Micro Devices (AMD) EPYC 7501 Firmware NaplesPI 1.0.0.G
naplespi_1.0.0.g
2023-01-18
13h43 +00:00
13h43 +00:00
2023-01-25
05h04 +00:00
05h04 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:amd:epyc_7501_firmware:naplespi_1.0.0.g:*:*:*:*:*:*:*
Informations
Vendor
amdProduct
epyc_7501_firmwareVersion
naplespi_1.0.0.gRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | 7.5 |
High |
||
| Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. | 4.6 |
Medium |
||
| TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | 5.7 |
Medium |
||
| Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 7.5 |
High |
||
| A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | 5.5 |
Medium |
||
| A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | 7.4 |
High |
||
| Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. | 7.8 |
High |
2025©
tesweb SA
