Amd: >> Epyc 7473x Firmware Security Vulnerabilities
Insufficient bounds checking in ASP may allow an
attacker to issue a system call from a compromised ABL which may cause
arbitrary memory values to be initialized to zero, potentially leading to a
loss of integrity.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-09
A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-05-09
A compromised or malicious ABL or UApp could
send a SHA256 system call to the bootloader, which may result in exposure of
ASP memory to userspace, potentially leading to information disclosure.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-05-09
Insufficient input validation of mailbox data in the
SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially
leading to a loss of integrity and privilege escalation.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-05-09
Insufficient address validation, may allow an
attacker with a compromised ABL and UApp to corrupt sensitive memory locations
potentially resulting in a loss of integrity or availability.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-05-09
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-01-11
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-11-09
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
CVSS Score
5.6
EPSS Score
0.001
Published
2022-08-10
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-11
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-05-11