N/A

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.

N/A

输入验证不恰当

AMD EPYC UApp/ABL 输入验证错误漏洞

AMD EPYC是美国AMD公司的一款x86架构服务器微处理器产品线，中文名为“霄龙”，采用Zen微架构。 AMD EPYC UApp/ABL 存在安全漏洞，该漏洞源于SVC_LOAD_FW_IMAGE_BY_INSTANCE和SVC_LOAD_BINARY_BY_ATTRIB对目标地址验证不当。攻击者利用该漏洞覆盖任意加载程序的内存，从而损失完整性和可用性。

N/A

N/A