Vulnerabilities (CVE)

Filtered by vendor Amd Subscribe
Filtered by product Epyc 7252
Total 65 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20593 3 Amd, Debian, Xen 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more 2024-11-19 N/A 5.5 MEDIUM
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2023-20578 1 Amd 210 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 207 more 2024-10-02 N/A 6.4 MEDIUM
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
CVE-2023-20533 1 Amd 170 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 167 more 2024-06-18 N/A 7.5 HIGH
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVE-2023-20526 1 Amd 146 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 143 more 2024-06-18 N/A 4.6 MEDIUM
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
CVE-2023-20521 1 Amd 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more 2024-06-18 N/A 5.7 MEDIUM
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
CVE-2021-46774 1 Amd 274 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 271 more 2024-06-18 N/A 7.5 HIGH
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
CVE-2021-46762 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-06-18 N/A 9.1 CRITICAL
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
CVE-2021-26345 1 Amd 180 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 177 more 2024-06-18 N/A 4.9 MEDIUM
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
CVE-2023-20592 1 Amd 138 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 135 more 2024-02-05 N/A 6.5 MEDIUM
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
CVE-2021-26379 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-02-04 N/A 9.8 CRITICAL
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
CVE-2023-20575 1 Amd 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more 2024-02-04 N/A 6.5 MEDIUM
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
CVE-2023-20520 1 Amd 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more 2024-02-04 N/A 9.8 CRITICAL
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
CVE-2023-20524 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-02-04 N/A 7.5 HIGH
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.
CVE-2021-26371 1 Amd 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more 2024-02-04 N/A 5.5 MEDIUM
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVE-2021-26356 1 Amd 196 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 193 more 2024-02-04 N/A 7.4 HIGH
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVE-2021-46756 1 Amd 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more 2024-02-04 N/A 9.1 CRITICAL
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.
CVE-2021-46775 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-02-04 N/A 6.8 MEDIUM
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.
CVE-2021-46764 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-02-04 N/A 7.5 HIGH
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
CVE-2021-46763 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-02-04 N/A 7.5 HIGH
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.
CVE-2021-26354 1 Amd 304 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 301 more 2024-02-04 N/A 5.5 MEDIUM
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.