First published: Tue Nov 16 2021(Updated: )
Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.
Credit: psirt@amd.com
Affected Software | Affected Version | How to fix |
---|---|---|
AMD EPYC 7F72 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7F72 | ||
AMD EPYC 7F52 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7F52 | ||
AMD EPYC 7F32 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7F32 Firmware | ||
AMD EPYC 7H12 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7H12 | ||
AMD EPYC 7742 firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7742 firmware | ||
AMD EPYC 7702 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7702 | ||
AMD EPYC 7702 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7702p | ||
AMD EPYC 7662 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7662 | ||
AMD EPYC 7642 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7642 Firmware | ||
AMD EPYC 7552 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC Embedded 7552 | ||
AMD EPYC 7542 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7542 | ||
AMD EPYC 7532 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7532 | ||
Amd Epyc Server Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7502 | ||
AMD EPYC 7502P Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7502P | ||
AMD EPYC 7452 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7452 | ||
Amd Epyc Server Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7402 | ||
AMD EPYC 7402P Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7402P | ||
AMD EPYC 7352 firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7352 | ||
Amd Epyc Server Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7302P | ||
AMD EPYC 7302P Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7302P | ||
AMD EPYC 7282 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7282 | ||
AMD EPYC 7272 firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7272 firmware | ||
AMD EPYC 7262 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7262 Firmware | ||
AMD EPYC 7252 Firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7252 Firmware | ||
AMD EPYC 7232p firmware | <romepi-sp3_1.0.0.c | |
AMD EPYC 7232p firmware | ||
AMD EPYC 7763 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7763 Firmware | ||
AMD EPYC 7713P Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7713P Firmware | ||
AMD EPYC 7713P Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7713 | ||
AMD EPYC 7663 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7663 Firmware | ||
AMD EPYC 7643 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7643 | ||
AMD EPYC 75F3 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 75F3 | ||
AMD EPYC 7543P Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7543P Firmware | ||
Amd Epyc Server Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7543 Firmware | ||
AMD EPYC 7513 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7513 | ||
Amd Epyc Server Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7453 | ||
AMD EPYC 74F3 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 74F3 | ||
AMD EPYC 7443P Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7443P | ||
AMD EPYC 7443 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7443 | ||
AMD EPYC 7413 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7413 Firmware | ||
AMD EPYC 73F3 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 73F3 | ||
Amd Epyc Server Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7343 | ||
AMD EPYC 7313P Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7313P | ||
Amd Epyc Server Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 7313P | ||
AMD EPYC 72F3 Firmware | <milanpi-sp3_1.0.0.4 | |
AMD EPYC 72F3 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-12946 has been classified as a high severity vulnerability due to potential loss of integrity and denial of service.
To fix CVE-2020-12946, update to the latest firmware version provided by AMD for your specific EPYC processor.
CVE-2020-12946 affects various AMD EPYC processor firmware versions prior to 'romepi-sp3_1.0.0.c' or 'milanpi-sp3_1.0.0.4' depending on the CPU model.
Insufficient input validation in CVE-2020-12946 indicates that the firmware does not adequately check the inputs to discrete TPM (Trusted Platform Module) commands, which can lead to security vulnerabilities.
Yes, CVE-2020-12946 can potentially be exploited remotely, allowing attackers to affect system integrity and availability.