Advanced Micro Devices (AMD) EPYC 7501 FIRMWARE NAPLESPI-SP3 1.0.0.G

CPE Details

Advanced Micro Devices (AMD) EPYC 7501 FIRMWARE NAPLESPI-SP3 1.0.0.G
amd
epyc_7501_firmware
naplespi-sp3_1.0.0.g
2021-11-18
13h49 +00:00
2021-11-18
17h13 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:amd:epyc_7501_firmware:naplespi-sp3_1.0.0.g:*:*:*:*:*:*:*

Informations

Vendor

amd

Product

epyc_7501_firmware

Version

naplespi-sp3_1.0.0.g

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-20578 2024-08-13 16h52 +00:00 A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
7.5
High
CVE-2023-20526 2023-11-14 18h52 +00:00 Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
4.6
Medium
CVE-2023-20521 2023-11-14 18h52 +00:00 TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
5.7
Medium
CVE-2021-46774 2023-11-14 18h52 +00:00 Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
7.5
High
CVE-2021-26371 2023-05-09 18h59 +00:00 A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
5.5
Medium
CVE-2021-26356 2023-05-09 18h58 +00:00 A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
7.4
High
CVE-2023-20527 2023-01-10 20h57 +00:00 Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
6.5
Medium
CVE-2021-26403 2023-01-10 20h56 +00:00 Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
6.5
Medium
CVE-2021-26398 2023-01-10 20h56 +00:00 Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
7.8
High
CVE-2021-26342 2022-05-11 16h21 +00:00 In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.
3.3
Low