Advanced Micro Devices (AMD) EPYC 7003 Firmware MilanPI-SP3 1.0.0.9

CPE Details

Advanced Micro Devices (AMD) EPYC 7003 Firmware MilanPI-SP3 1.0.0.9
amd
epyc_7003_firmware
milanpi-sp3_1.0.0.9
2023-01-17
17h26 +00:00
2023-01-25
05h04 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:amd:epyc_7003_firmware:milanpi-sp3_1.0.0.9:*:*:*:*:*:*:*

Informations

Vendor

amd

Product

epyc_7003_firmware

Version

milanpi-sp3_1.0.0.9

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-26371 2023-05-09 18h59 +00:00 A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
5.5
Moyen
CVE-2021-26354 2023-05-09 18h58 +00:00 Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
5.5
Moyen
CVE-2023-20532 2023-01-10 20h57 +00:00 Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
5.3
Moyen
CVE-2023-20531 2023-01-10 20h57 +00:00 Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
7.5
Haute
CVE-2023-20530 2023-01-10 20h57 +00:00 Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
7.5
Haute
CVE-2023-20529 2023-01-10 20h57 +00:00 Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
7.5
Haute
CVE-2023-20528 2023-01-10 20h57 +00:00 Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
2.4
Bas
CVE-2023-20527 2023-01-10 20h57 +00:00 Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
6.5
Moyen
CVE-2023-20525 2023-01-10 20h57 +00:00 Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
6.5
Moyen
CVE-2023-20523 2023-01-10 20h56 +00:00 TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
5.7
Moyen
CVE-2021-26402 2023-01-10 20h56 +00:00 Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.
7.1
Haute
CVE-2021-26398 2023-01-10 20h56 +00:00 Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
7.8
Haute
CVE-2021-26343 2023-01-10 20h56 +00:00 Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
5.5
Moyen
CVE-2021-26328 2023-01-10 20h56 +00:00 Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
4.4
Moyen