Amd - Epyc 7001 Firmware CVE - OpenCVE

Filtered by vendor Amd Subscriptions

Filtered by product Epyc 7001 Firmware Subscriptions

Total 26 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-26371	1 Amd	256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more	2024-08-03	5.5 Medium
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVE-2021-26398	1 Amd	128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more	2024-08-03	7.8 High
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
CVE-2021-26356	1 Amd	196 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 193 more	2024-08-03	7.4 High
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVE-2023-20526	1 Amd	146 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 143 more	2024-08-02	1.9 Low
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
CVE-2023-20527	1 Amd	128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more	2024-08-02	6.5 Medium
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
CVE-2023-20521	1 Amd	186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more	2024-08-02	3.3 Low
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

« first previous Page 2 of 2.