ReportizFlow
Filtered by vendor Amd
Subscriptions
Total
287 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26379 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2024-11-21 | 9.8 Critical |
| Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | ||||
| CVE-2021-26378 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 5.5 Medium |
| Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | ||||
| CVE-2021-26376 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 5.5 Medium |
| Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | ||||
| CVE-2021-26375 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 5.5 Medium |
| Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | ||||
| CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2024-11-21 | 5.5 Medium |
| Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | ||||
| CVE-2021-26372 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 5.5 Medium |
| Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | ||||
| CVE-2021-26371 | 1 Amd | 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more | 2024-11-21 | 5.5 Medium |
| A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | ||||
| CVE-2021-26370 | 1 Amd | 98 Epyc 7002, Epyc 7002 Firmware, Epyc 7232p and 95 more | 2024-11-21 | 7.1 High |
| Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability. | ||||
| CVE-2021-26369 | 1 Amd | 99 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 96 more | 2024-11-21 | 7.8 High |
| A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. | ||||
| CVE-2021-26368 | 1 Amd | 140 Ryzen 3 2200u, Ryzen 3 2200u Firmware, Ryzen 3 2300u and 137 more | 2024-11-21 | 4.4 Medium |
| Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service. | ||||
| CVE-2021-26366 | 1 Amd | 125 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 122 more | 2024-11-21 | 7.1 High |
| An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | ||||
| CVE-2021-26365 | 1 Amd | 108 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 105 more | 2024-11-21 | 8.2 High |
| Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. | ||||
| CVE-2021-26364 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 5.5 Medium |
| Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | ||||
| CVE-2021-26363 | 1 Amd | 67 Radeon Software, Ryzen 3 3100, Ryzen 3 3100 Firmware and 64 more | 2024-11-21 | 4.4 Medium |
| A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | ||||
| CVE-2021-26362 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2024-11-21 | 7.1 High |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. | ||||
| CVE-2021-26361 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2024-11-21 | 5.5 Medium |
| A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | ||||
| CVE-2021-26360 | 1 Amd | 36 Enterprise Driver, Radeon Pro Software, Radeon Pro W6300m and 33 more | 2024-11-21 | 7.8 High |
| An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. | ||||
| CVE-2021-26356 | 1 Amd | 196 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 193 more | 2024-11-21 | 7.4 High |
| A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | ||||
| CVE-2021-26355 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2024-11-21 | 5.5 Medium |
| Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | ||||
| CVE-2021-26354 | 1 Amd | 304 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 301 more | 2024-11-21 | 5.5 Medium |
| Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. | ||||