Shodan
Vulnerabilities
Vulnerable Software
Amd:  >> Epyc 7401 Firmware  >> naplespi-sp3_1.0.0.h  Security Vulnerabilities
CVE-2023-20578
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-08-13
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
CVSS Score
3.3
EPSS Score
0.0
Published
2023-11-14
CVE-2023-20526
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
CVSS Score
1.9
EPSS Score
0.0
Published
2023-11-14
CVE-2021-46774
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-14
CVE-2021-26356
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-05-09
CVE-2021-26371
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-05-09
CVE-2023-20527
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-01-11
CVE-2021-26398
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-01-11
CVE-2021-26403
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-01-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved