Summary
Detail | |||
---|---|---|---|
Vendor | Amd | First view | 2023-01-11 |
Product | Epyc 7343 Firmware | Last view | 2023-11-14 |
Version | milanpi_1.0.0.5 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:amd:epyc_7343_firmware |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.7 | 2023-11-14 | CVE-2023-20521 | TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. |
7.5 | 2023-05-09 | CVE-2023-20524 | An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. |
9.8 | 2023-05-09 | CVE-2023-20520 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. |
7.1 | 2023-05-09 | CVE-2021-26397 | Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. |
9.8 | 2023-05-09 | CVE-2021-26379 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. |
5.5 | 2023-05-09 | CVE-2021-26371 | A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. |
7.4 | 2023-05-09 | CVE-2021-26356 | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. |
5.5 | 2023-05-09 | CVE-2021-26354 | Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. |
4.4 | 2023-01-11 | CVE-2021-26328 | Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-787 | Out-of-bounds Write |
40% (2) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
20% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |