Amd Epyc 8434pn Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Amd Epyc 8434pn Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-21980 — CVSS 7.9 (high): Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or…
CVE-2023-20578 — CVSS 7.5 (high): A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify…
CVE-2021-46774 — CVSS 6.7 (medium): Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address…
CVE-2023-20591 — CVSS 6.5 (medium): Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker…
CVE-2024-21978 — CVSS 6.0 (medium): Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data…
CVE-2023-31346 — CVSS 6.0 (medium): Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
CVE-2023-31355 — CVSS 6.0 (medium): Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially…
CVE-2023-20584 — CVSS 5.3 (medium): IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with…
CVE-2023-20566 — CVSS 5.3 (medium): Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
CVE-2023-31347 — CVSS 4.9 (medium): Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when…
CVE-2023-20573 — CVSS 3.2 (low): A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected…
CVE-2021-26345 — CVSS 1.9 (low): Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read…
CVE-2022-23830 — CVSS 1.9 (low): SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.