Advanced Micro Devices (AMD) EPYC 7743 Firmware MilanPI 1.0.0.3

CPE Details

Advanced Micro Devices (AMD) EPYC 7743 Firmware MilanPI 1.0.0.3
amd
epyc_7743_firmware
milanpi_1.0.0.3
2023-01-17
18h34 +00:00
2023-01-25
05h04 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:amd:epyc_7743_firmware:milanpi_1.0.0.3:*:*:*:*:*:*:*

Informations

Vendor

amd

Product

epyc_7743_firmware

Version

milanpi_1.0.0.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-20532 2023-01-10 20h57 +00:00 Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
5.3
Moyen
CVE-2023-20531 2023-01-10 20h57 +00:00 Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
7.5
Haute
CVE-2023-20530 2023-01-10 20h57 +00:00 Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
7.5
Haute
CVE-2023-20529 2023-01-10 20h57 +00:00 Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
7.5
Haute
CVE-2023-20528 2023-01-10 20h57 +00:00 Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
2.4
Bas
CVE-2023-20527 2023-01-10 20h57 +00:00 Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
6.5
Moyen
CVE-2023-20525 2023-01-10 20h57 +00:00 Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
6.5
Moyen
CVE-2023-20523 2023-01-10 20h56 +00:00 TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
5.7
Moyen
CVE-2021-26402 2023-01-10 20h56 +00:00 Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.
7.1
Haute
CVE-2021-26398 2023-01-10 20h56 +00:00 Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
7.8
Haute
CVE-2021-26328 2023-01-10 20h56 +00:00 Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
4.4
Moyen