CVE-2020-12944

CVSS V2 Medium 4.6 CVSS V3 High 7.8
Description
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
Overview
  • CVE ID
  • CVE-2020-12944
  • Assigner
  • psirt@amd.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-11-16T19:15:07
  • Last Modified Date
  • 2022-10-06T15:45:33
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:amd:epyc_7601_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7551p_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7551_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7501_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7451_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7401_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7371_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7351p_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7351_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7301_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7281_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7261_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7251_firmware:*:*:*:*:*:*:*:* 1 OR naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7f72_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7f52_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7f32_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7h12_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7742_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7702_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7702p_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7662_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7642_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7552_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7542_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7532_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7502_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7502p_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7452_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7402_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7402p_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7352_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7302_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7302p_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7282_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7272_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:* 1 OR romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:* 1 OR milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 4.6
  • Severity
  • MEDIUM
  • Exploitability Score
  • 3.9
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 Vendor Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 06:45:43 Added to TrackCVE
2022-12-05 14:37:17 2021-11-16T19:15Z 2021-11-16T19:15:07 CVE Published Date updated
2022-12-05 14:37:17 2022-10-06T15:45:33 CVE Modified Date updated
2022-12-05 14:37:17 Analyzed Vulnerability Status updated