System Management Unit
by AMD
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26331 | Hig | 0.51 | 7.8 | 0.00 | Nov 16, 2021 | AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. | ||
| CVE-2021-26338 | Hig | 0.49 | 7.5 | 0.01 | Nov 16, 2021 | Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. | ||
| CVE-2021-46774 | Med | 0.44 | 6.7 | 0.01 | Nov 14, 2023 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | ||
| CVE-2023-20533 | Med | 0.40 | 6.1 | 0.01 | Nov 14, 2023 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | ||
| CVE-2021-26355 | Med | 0.36 | 5.5 | 0.00 | Jan 11, 2023 | Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | ||
| CVE-2021-26351 | Med | 0.36 | 5.5 | 0.00 | May 12, 2022 | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | ||
| CVE-2021-26378 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | ||
| CVE-2021-26376 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | ||
| CVE-2021-26375 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | ||
| CVE-2021-26373 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | ||
| CVE-2021-26372 | Med | 0.36 | 5.5 | 0.00 | May 11, 2022 | Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | ||
| CVE-2021-26337 | Med | 0.36 | 5.5 | 0.00 | Nov 16, 2021 | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | ||
| CVE-2021-26336 | Med | 0.36 | 5.5 | 0.00 | Nov 16, 2021 | Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | ||
| CVE-2021-26330 | Med | 0.36 | 5.5 | 0.00 | Nov 16, 2021 | AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | ||
| CVE-2021-26329 | Med | 0.36 | 5.5 | 0.00 | Nov 16, 2021 | AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. |
- risk 0.51cvss 7.8epss 0.00
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
- risk 0.49cvss 7.5epss 0.01
Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.
- risk 0.44cvss 6.7epss 0.01
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
- risk 0.40cvss 6.1epss 0.01
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
- risk 0.36cvss 5.5epss 0.00
Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.
- risk 0.36cvss 5.5epss 0.00
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
- risk 0.36cvss 5.5epss 0.00
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
- risk 0.36cvss 5.5epss 0.00
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
- risk 0.36cvss 5.5epss 0.00
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.