Filtered by vendor Amd
Subscribe
Total
252 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | |||||
CVE-2021-46744 | 1 Amd | 198 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 195 more | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | |||||
CVE-2021-26400 | 1 Amd | 1 Cpu | 2023-12-10 | 2.1 LOW | 4.0 MEDIUM |
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | |||||
CVE-2021-26353 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. | |||||
CVE-2022-23823 | 1 Amd | 284 A10-9600p, A10-9600p Firmware, A10-9630p and 281 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. | |||||
CVE-2021-44850 | 1 Amd | 20 Xilinx Z-7007s, Xilinx Z-7007s Firmware, Xilinx Z-7010 and 17 more | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM. | |||||
CVE-2021-26366 | 1 Amd | 125 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 122 more | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | |||||
CVE-2021-26341 | 1 Amd | 252 A10-9600p, A10-9600p Firmware, A10-9630p and 249 more | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | |||||
CVE-2021-26378 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||||
CVE-2021-26352 | 1 Amd | 60 Ryzen 3 5300g, Ryzen 3 5300g Firmware, Ryzen 3 5300ge and 57 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | |||||
CVE-2021-26317 | 1 Amd | 147 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 144 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | |||||
CVE-2021-26361 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | |||||
CVE-2021-26372 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||||
CVE-2020-12946 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2023-12-10 | 6.6 MEDIUM | 7.1 HIGH |
Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. | |||||
CVE-2021-26323 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. | |||||
CVE-2021-26322 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. | |||||
CVE-2021-26312 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
CVE-2021-26326 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. | |||||
CVE-2020-12961 | 1 Amd | 90 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 87 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections. | |||||
CVE-2021-26330 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. |