SMU
by AMD
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6538 | | | 0.03 | — | 0.02 | | Dec 11, 2023 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to… |
| CVE-2021-46763 | | | 0.00 | — | 0.00 | | May 9, 2023 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. |
| CVE-2021-46762 | | | 0.00 | — | 0.00 | | May 9, 2023 | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. |
| CVE-2021-26379 | | | 0.00 | — | 0.01 | | May 9, 2023 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. |
| CVE-2023-20530 | | | 0.00 | — | 0.01 | | Jan 10, 2023 | Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. |
| CVE-2023-20528 | | | 0.00 | — | 0.00 | | Jan 10, 2023 | Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. |
| CVE-2021-26350 | | | 0.00 | — | 0.00 | | May 11, 2022 | A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service. |