amd 1st Gen AMD EPYC™ Processors - 13 CVEs, 1 Versions

CVE-2023-31315

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

HIGH Aug 09, 2024

CVE-2022-23829

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

HIGH Jun 18, 2024

CVE-2023-20587

Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

UNKNOWN Feb 13, 2024

CVE-2023-20521

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

LOW Nov 14, 2023

CVE-2021-46774

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

MEDIUM Nov 14, 2023

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

UNKNOWN Aug 08, 2023

CVE-2021-46756

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.

UNKNOWN May 09, 2023

1st Gen AMD EPYC™ Processors

Versions

various

Recent CVEs