VYPR

SMU

by AMD

CVEs (7)

  • CVE-2023-6538Dec 11, 2023
    risk 0.03cvss epss 0.02

    SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to…

  • CVE-2021-46763May 9, 2023
    risk 0.00cvss epss 0.00

    Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.

  • CVE-2021-46762May 9, 2023
    risk 0.00cvss epss 0.00

    Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.

  • CVE-2021-26379May 9, 2023
    risk 0.00cvss epss 0.01

    Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.

  • CVE-2023-20530Jan 10, 2023
    risk 0.00cvss epss 0.01

    Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

  • CVE-2023-20528Jan 10, 2023
    risk 0.00cvss epss 0.00

    Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.

  • CVE-2021-26350May 11, 2022
    risk 0.00cvss epss 0.00

    A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.