Amd: >> Epyc 7371 Security Vulnerabilities
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-11-16
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-11-16
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-11-16
A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-11
The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
CVSS Score
7.2
EPSS Score
0.016
Published
2021-05-13
In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
CVSS Score
7.2
EPSS Score
0.013
Published
2021-05-13
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-06-25
Page 4