Amd: >> Epyc 7351p Security Vulnerabilities
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-11-16
Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
CVSS Score
7.0
EPSS Score
0.001
Published
2021-11-16
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-11-16
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
CVSS Score
5.5
EPSS Score
0.0
Published
2021-11-16
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-11-16
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-11-16
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-11-16
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-11-16
A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-11
The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
CVSS Score
7.2
EPSS Score
0.016
Published
2021-05-13