Shodan
Vulnerabilities
Vulnerable Software
Amd:  >> Epyc 7713p Firmware  >> milanpi-sp3_1.0.0.9  Security Vulnerabilities
CVE-2023-20526
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
CVSS Score
1.9
EPSS Score
0.0
Published
2023-11-14
CVE-2023-20533
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-11-14
CVE-2023-20566
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-11-14
CVE-2021-26345
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
CVSS Score
1.9
EPSS Score
0.0
Published
2023-11-14
CVE-2021-46774
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-14
CVE-2022-23830
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
CVSS Score
1.9
EPSS Score
0.001
Published
2023-11-14
CVE-2023-20569
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVSS Score
4.7
EPSS Score
0.006
Published
2023-08-08
CVE-2021-26354
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-09
CVE-2021-26356
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-05-09
CVE-2021-26371
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-05-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved