Risk | Low |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | CVE-2022-23820 CVE-2021-46774 CVE-2023-20519 CVE-2023-20533 CVE-2023-20566 CVE-2021-26345 CVE-2021-46766 CVE-2022-23830 CVE-2023-20521 CVE-2023-20526 |
CWE-ID | CWE-119 CWE-787 CWE-416 CWE-20 CWE-125 CWE-459 CWE-16 CWE-367 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | 3rd Gen AMD EPYC Processors, 1st Gen AMD EPYC Processors, 2nd Gen AMD EPYC Processors, 4th Gen AMD EPYC Processors (Hardware solutions / Firmware) |
Vendor |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU84016
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23820
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper validation of the AMD SMM communication buffer. A local user can corrupt the SMRAM and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.3
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84017
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46774
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing a DRAM address in the System Management Unit (SMU). A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions
1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.K
2nd Gen AMD EPYC Processors: before RomePI 1.0.0.G
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.B
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.8
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84018
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20519
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in the management of an SNP guest context page. A malicious hypervisor can masquerade as the guest's migration agent and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.A
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.3
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84020
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20533
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions
2nd Gen AMD EPYC Processors: before RomePI 1.0.0.D
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.5
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84021
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20566
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in ASP with SNP enabled. A local user can compromise guest memory integrity.
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.B
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.7
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84022
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26345
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in APCB. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions
2nd Gen AMD EPYC Processors: before RomePI 1.0.0.F
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.A
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.0
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84023
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46766
CWE-ID:
CWE-459 - Incomplete cleanup
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incomplete clearing of sensitive data in the ASP Bootloader. A local user with access to ASP SRAM can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versions
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.4
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84025
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23830
CWE-ID:
CWE-16 - Configuration
Exploit availability: No
Description
The issue may allow a local user to bypass implemented security restrictions.
The issue exists due to immutable SMM configuration when SNP is enabled. A local user can modify guest memory.
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.A
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.1
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84026
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20521
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service attack.
The vulnerability exists due to a race condition in the ASP Bootloader. An attacker with physical access to the device can tamper with SPI ROM records after memory content verification and gain access to sensitive information or perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions
1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.H
2nd Gen AMD EPYC Processors: before RomePI 1.0.0.D
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.7
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84027
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20526
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in the ASP Bootloader. An attacker with physical access to the device can read the contents of ASP memory.
Install updates from vendor's website.
Vulnerable software versions
1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.H
2nd Gen AMD EPYC Processors: before RomePI 1.0.0.D
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.5
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.