1st gen amd epyc™

This hub aggregates every CVE we track for 1st gen amd epyc™, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 9 most recently published vulnerabilities affecting 1st gen amd epyc™.

• CVE-2023-20520Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. 9.8May 9, 2023
• CVE-2021-26408Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.7.1May 10, 2022
• CVE-2021-26330AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.5.5Nov 16, 2021
• CVE-2020-12954A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.5.5Nov 16, 2021
• CVE-2021-26331AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.7.8Nov 16, 2021
• CVE-2021-26321Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.5.5Nov 16, 2021
• CVE-2021-26320Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP5.5Nov 16, 2021
• CVE-2021-26322Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.7.5Nov 16, 2021
• CVE-2021-26329AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.5.5Nov 16, 2021