Amd epyc™ embedded 9003

This hub aggregates every CVE we track for Amd epyc™ embedded 9003, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 8 most recently published vulnerabilities affecting Amd epyc™ embedded 9003.

• CVE-2023-20578A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbit...7.5Aug 13, 2024
• CVE-2023-31315Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code...7.5Aug 9, 2024
• CVE-2024-21980Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.7.9Aug 5, 2024
• CVE-2024-21978Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.6.0Aug 5, 2024
• CVE-2023-31355Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.6.0Aug 5, 2024
• CVE-2023-20587Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. 7.1Feb 13, 2024
• CVE-2023-20566Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.5.3Nov 14, 2023
• CVE-2021-46766Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.2.5Nov 14, 2023