epyc 7443 firmware · threatengine.sh

Home/Product/amd epyc 7443 firmware

Product

amd epyc 7443 firmware

88 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

< milanpi_1.0.0.b

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an a

< milanpi_1.0.0.b

IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with

< milanpi_1.0.0.5

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell

< milanpi_1.0.0.5

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the abil

< milanpi_1.0.0.d

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's mem

< milanpi_1.0.0.d

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to d

< milanpi_1.0.0.d

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potent

< milanpi_1.0.0.c

Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect

< milanpi_1.0.0.c

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving exp

< milanpi_1.0.0.c

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affe

< milanpi_1.0.0.b

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.

< milanpi_1.0.0.5

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM a

< milanpi_1.0.0.5

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents o

< milanpi_1.0.0.7

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verifi

< milanpi_1.0.0.a

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory int

< milanpi_1.0.0.b

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM a

< milanpi_1.0.0.a

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memo

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

< milanpi_1.0.0.c

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may re

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffe

Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory int

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentia

Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory b

Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or d

< milanpi_1.0.0.9

Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations poten

< milanpi_1.0.0.9

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially lea

< milanpi_1.0.0.6

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memo

< milanpi_1.0.0.6

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in

< milanpi_1.0.0.6

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary

< milanpi_1.0.0.5

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of

< milanpi_1.0.0.5

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentiall

< milanpi_1.0.0.5

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a

< milanpi_1.0.0.5

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially res

< milanpi_1.0.0.5

Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentia

< milanpi_1.0.0.5

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially

< milanpi_1.0.0.5

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a

< milanpi_1.0.0.5

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or d

< milanpi-sp3_1.0.0.9

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information discl

< milanpi_1.0.0.4

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to

< milanpi_1.0.0.4

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corr

< milanpi-sp3_1.0.0.9

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP

< milanpi-sp3_1.0.0.7

Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could

< milanpi_1.0.0.3

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sens

< milanpi_1.0.0.8

Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guest

< milanpi-sp3_1.0.0.8

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring c

< milanpi-sp3_1.0.0.7

Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a

< milanpi-sp3_1.0.0.7

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write t

< milanpi-sp3_1.0.0.7

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer ove

< milanpi-sp3_1.0.0.7

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations t

< milanpi-sp3_1.0.0.7

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang

< milanpi-sp3_1.0.0.4

Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code exe

< milanpi-sp3_1.0.0.4

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or A

< milanpi-sp3_1.0.0.4

Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initiali

< milanpi-sp3_1.0.0.4

Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability.

< milanpi-sp3_1.0.0.4

A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.

< milanpi-sp3_1.0.0.5

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Tr

< milanpi-sp3_1.0.0.4

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM re

< milanpi-sp3_1.0.0.4

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU ha

< milanpi-sp3_1.0.0.4

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker

< milanpi-sp3_1.0.0.4

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leadi

< milanpi-sp3_1.0.0.4

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.

< milanpi-sp3_1.0.0.4

Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.

< milanpi-sp3_1.0.0.4

Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.

< milanpi-sp3_1.0.0.4

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.

< milanpi-sp3_1.0.0.4

Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of

< milanpi-sp3_1.0.0.4

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authentic

< milanpi-sp3_1.0.0.4

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to in

< milanpi-sp3_1.0.0.4

A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged regist

< milanpi-sp3_1.0.0.4

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauth

< milanpi-sp3_1.0.0.4

Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.

< milanpi-sp3_1.0.0.4

Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of se

< milanpi-sp3_1.0.0.4

Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.

< milanpi-sp3_1.0.0.4

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located

< milanpi-sp3_1.0.0.4

AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a poten

< milanpi-sp3_1.0.0.4

Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity.

< milanpi-sp3_1.0.0.4

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.

< milanpi-sp3_1.0.0.4

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write t

< milanpi-sp3_1.0.0.4

A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin