CVE-2020-12961
HIGHAMD EPYC 7003/7002/72F3/7313/7313P/7343/73F3/7413/7443/7443P/7453/74F3/7513 Firmware Privilege Escalation via SMN
Title source: llmDescription
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
15.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (45)
amd/epyc_7002_firmware
< romepi-sp3_1.0.0.c
amd/epyc_7003_firmware
< milanpi-sp3_1.0.0.4
amd/epyc_7232p_firmware
< romepi-sp3_1.0.0.c
amd/epyc_7252_firmware
< romepi-sp3_1.0.0.c
amd/epyc_7262_firmware
< romepi-sp3_1.0.0.c
amd/epyc_7272_firmware
< romepi-sp3_1.0.0.c
amd/epyc_7282_firmware
< romepi-sp3_1.0.0.c
amd/epyc_72f3_firmware
< milanpi-sp3_1.0.0.4
amd/epyc_7302_firmware
< romepi-sp3_1.0.0.c
amd/epyc_7302p_firmware
< romepi-sp3_1.0.0.c
... and 35 more
Published
Nov 16, 2021
Tracked Since
Feb 18, 2026