Amd: >> Epyc 7571 Firmware Security Vulnerabilities
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVSS Score
5.5
EPSS Score
0.04
Published
2023-08-08
Insufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to
the bootloader resulting in a potential denial of service and loss of
integrity.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-05-09
Improper access control settings in ASP
Bootloader may allow an attacker to corrupt the return address causing a
stack-based buffer overrun potentially leading to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-05-09
Insufficient validation in parsing Owner's
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES user application can lead to a host crash potentially resulting in
denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-09