Shodan
Vulnerabilities
Vulnerable Software
Amd:  >> Epyc 7h12  Security Vulnerabilities
CVE-2021-26347
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-05-11
CVE-2021-26370
Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-05-10
CVE-2021-26401
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
CVSS Score
5.6
EPSS Score
0.001
Published
2022-03-11
CVE-2021-26341
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-03-11
CVE-2020-12966
AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-04
CVE-2021-26340
A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM).
CVSS Score
8.4
EPSS Score
0.001
Published
2021-12-10
CVE-2020-12944
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-11-16
CVE-2020-12946
Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.
CVSS Score
7.1
EPSS Score
0.001
Published
2021-11-16
CVE-2021-26320
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
CVSS Score
5.5
EPSS Score
0.0
Published
2021-11-16
CVE-2021-26321
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-11-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved