1st gen amd epyc

This hub aggregates every CVE we track for 1st gen amd epyc, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting 1st gen amd epyc.

• CVE-2024-36349A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.3.8Jul 8, 2025
• CVE-2024-21925Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.8.2Feb 11, 2025
• CVE-2024-21981Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potenti...5.7Aug 13, 2024
• CVE-2022-23829A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.8.2Jun 18, 2024
• CVE-2023-20592Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential...6.5Nov 14, 2023
• CVE-2023-20521TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial ...3.3Nov 14, 2023
• CVE-2023-20569 A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled addres...4.7Aug 8, 2023
• CVE-2022-27672When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.4.7Feb 14, 2023
• CVE-2023-20527Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. 6.5Jan 10, 2023
• CVE-2021-26403Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. 6.5Jan 10, 2023
• CVE-2021-26398Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potentia...7.8Jan 10, 2023
• CVE-2021-26316Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code...7.8Jan 10, 2023
• CVE-2022-23824IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.5.5Nov 9, 2022
• CVE-2022-23825Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.6.5Jul 14, 2022
• CVE-2022-29900Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.6.5Jul 12, 2022