System Management Unit (smu)
by Hitachi
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6538 | 0.03 | — | 0.02 | Dec 11, 2023 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to… | |||
| CVE-2023-5808 | 0.00 | — | 0.01 | Dec 4, 2023 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that… | |||
| CVE-2021-46774 | 0.00 | — | 0.01 | Nov 14, 2023 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | |||
| CVE-2021-26355 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | |||
| CVE-2021-26351 | 0.00 | — | 0.00 | May 12, 2022 | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | |||
| CVE-2021-26373 | 0.00 | — | 0.00 | May 11, 2022 | Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | |||
| CVE-2021-26378 | 0.00 | — | 0.00 | May 11, 2022 | Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||
| CVE-2021-26372 | 0.00 | — | 0.00 | May 11, 2022 | Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||
| CVE-2021-26330 | 0.00 | — | 0.00 | Nov 16, 2021 | AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | |||
| CVE-2021-26331 | 0.00 | — | 0.00 | Nov 16, 2021 | AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. | |||
| CVE-2021-26336 | 0.00 | — | 0.00 | Nov 16, 2021 | Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | |||
| CVE-2021-26329 | 0.00 | — | 0.00 | Nov 16, 2021 | AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. | |||
| CVE-2021-26338 | 0.00 | — | 0.01 | Nov 16, 2021 | Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. |
- CVE-2023-6538Dec 11, 2023risk 0.03cvss —epss 0.02
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to…
- CVE-2023-5808Dec 4, 2023risk 0.00cvss —epss 0.01
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that…
- CVE-2021-46774Nov 14, 2023risk 0.00cvss —epss 0.01
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
- CVE-2021-26355Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.
- CVE-2021-26351May 12, 2022risk 0.00cvss —epss 0.00
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
- CVE-2021-26373May 11, 2022risk 0.00cvss —epss 0.00
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
- CVE-2021-26378May 11, 2022risk 0.00cvss —epss 0.00
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
- CVE-2021-26372May 11, 2022risk 0.00cvss —epss 0.00
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
- CVE-2021-26330Nov 16, 2021risk 0.00cvss —epss 0.00
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
- CVE-2021-26331Nov 16, 2021risk 0.00cvss —epss 0.00
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
- CVE-2021-26336Nov 16, 2021risk 0.00cvss —epss 0.00
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
- CVE-2021-26329Nov 16, 2021risk 0.00cvss —epss 0.00
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
- CVE-2021-26338Nov 16, 2021risk 0.00cvss —epss 0.01
Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.