Vulnerabilities (CVE)

Filtered by vendor Amd Subscribe
Filtered by product Epyc 72f3
Total 87 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20533 1 Amd 170 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 167 more 2024-02-13 N/A 7.5 HIGH
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVE-2023-20526 1 Amd 146 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 143 more 2024-02-13 N/A 4.6 MEDIUM
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
CVE-2023-20521 1 Amd 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more 2024-02-13 N/A 5.7 MEDIUM
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
CVE-2022-23830 1 Amd 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more 2024-02-13 N/A 5.3 MEDIUM
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
CVE-2021-46774 1 Amd 274 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 271 more 2024-02-13 N/A 7.5 HIGH
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVE-2021-46762 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-02-13 N/A 9.1 CRITICAL
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
CVE-2021-26345 1 Amd 180 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 177 more 2024-02-13 N/A 4.9 MEDIUM
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
CVE-2022-23824 3 Amd, Fedoraproject, Xen 336 A10-9600p, A10-9600p Firmware, A10-9630p and 333 more 2024-02-04 N/A 5.5 MEDIUM
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVE-2023-20573 1 Amd 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more 2024-01-18 N/A 3.2 LOW
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
CVE-2023-20566 1 Amd 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more 2023-12-10 N/A 7.5 HIGH
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
CVE-2023-20592 1 Amd 138 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 135 more 2023-12-10 N/A 6.5 MEDIUM
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
CVE-2023-20569 3 Amd, Debian, Fedoraproject 284 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 281 more 2023-12-10 N/A 4.7 MEDIUM
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.
CVE-2023-20594 1 Amd 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more 2023-12-10 N/A 4.4 MEDIUM
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-20524 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2023-12-10 N/A 7.5 HIGH
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.
CVE-2021-26356 1 Amd 196 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 193 more 2023-12-10 N/A 7.4 HIGH
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVE-2021-46756 1 Amd 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more 2023-12-10 N/A 9.1 CRITICAL
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.
CVE-2022-23818 1 Amd 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more 2023-12-10 N/A 7.5 HIGH
Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity.
CVE-2021-46764 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2023-12-10 N/A 7.5 HIGH
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
CVE-2023-20575 1 Amd 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more 2023-12-10 N/A 6.5 MEDIUM
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
CVE-2021-46763 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2023-12-10 N/A 7.5 HIGH
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.