Shodan
Vulnerabilities
Vulnerable Software
Amd:  >> Epyc 7313 Firmware  >> milanpi-sp3_1.0.0.7  Security Vulnerabilities
CVE-2021-26371
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-05-09
CVE-2021-26379
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-05-09
CVE-2021-26397
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-05-09
CVE-2023-20531
Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-11
CVE-2023-20532
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-11
CVE-2023-20523
TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
CVSS Score
5.7
EPSS Score
0.001
Published
2023-01-11
CVE-2023-20525
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-01-11
CVE-2023-20527
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-01-11
CVE-2023-20528
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
CVSS Score
2.4
EPSS Score
0.001
Published
2023-01-11
CVE-2023-20529
Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved