Filtered by vendor Amd Subscriptions
Filtered by product Epyc 72f3 Firmware Subscriptions
Total 91 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-31346 2 Amd, Redhat 128 Epyc 7203 Firmware, Epyc 7203p, Epyc 7203p Firmware and 125 more 2024-10-24 6.0 Medium
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
CVE-2023-31347 1 Amd 123 Epyc 7203 Firmware, Epyc 7203p, Epyc 7203p Firmware and 120 more 2024-10-22 4.9 Medium
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  
CVE-2021-46774 1 Amd 274 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 271 more 2024-10-11 6.7 Medium
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVE-2023-20592 2 Amd, Redhat 141 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 138 more 2024-10-11 6.5 Medium
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
CVE-2023-20578 1 Amd 218 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 215 more 2024-10-02 7.5 High
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
CVE-2023-20594 1 Amd 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more 2024-09-25 4.4 Medium
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-20569 5 Amd, Debian, Fedoraproject and 2 more 302 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 299 more 2024-09-23 4.7 Medium
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVE-2020-12961 1 Amd 90 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 87 more 2024-09-17 7.8 High
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
CVE-2021-46771 1 Amd 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more 2024-09-17 7.8 High
Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.
CVE-2021-26337 1 Amd 224 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 221 more 2024-09-17 5.5 Medium
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
CVE-2021-26375 1 Amd 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more 2024-09-17 5.5 Medium
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
CVE-2021-26327 1 Amd 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more 2024-09-17 5.5 Medium
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
CVE-2021-26339 1 Amd 168 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 165 more 2024-09-17 5.5 Medium
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
CVE-2021-26338 1 Amd 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more 2024-09-17 7.5 High
Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.
CVE-2020-12951 1 Amd 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more 2024-09-17 7.0 High
Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
CVE-2022-23824 3 Amd, Fedoraproject, Xen 336 A10-9600p, A10-9600p Firmware, A10-9630p and 333 more 2024-09-17 5.5 Medium
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVE-2021-26315 1 Amd 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more 2024-09-17 7.8 High
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.
CVE-2020-12966 1 Amd 214 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 211 more 2024-09-17 5.5 Medium
AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor.
CVE-2021-26349 1 Amd 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more 2024-09-17 5.5 Medium
Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
CVE-2021-26322 1 Amd 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more 2024-09-17 7.5 High
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.