Skip to main content

Epyc 7003 Firmware CVE-2021-26337

MEDIUM
2021-11-16 psirt@amd.com
Information Disclosure Epyc 7003 Firmware Epyc 7002 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware Epyc 7313P Firmware Epyc 7343 Firmware Epyc 73F3 Firmware Epyc 7413 Firmware Epyc 7443 Firmware Epyc 7443P Firmware Epyc 7453 Firmware Epyc 74F3 Firmware Epyc 7513 Firmware Epyc 7543 Firmware Epyc 7543P Firmware Epyc 75F3 Firmware Epyc 7643 Firmware Epyc 7663 Firmware Epyc 7713 Firmware Epyc 7713P Firmware Epyc 7763 Firmware Epyc 7232P Firmware Epyc 7252 Firmware Epyc 7262 Firmware Epyc 7272 Firmware Epyc 7282 Firmware Epyc 7302 Firmware Epyc 7302P Firmware Epyc 7352 Firmware Epyc 7402 Firmware Epyc 7402P Firmware Epyc 7452 Firmware Epyc 7502 Firmware Epyc 7502P Firmware Epyc 7532 Firmware Epyc 7542 Firmware Epyc 7552 Firmware Epyc 7642 Firmware Epyc 7662 Firmware Epyc 7702 Firmware Epyc 7702P Firmware Epyc 7742 Firmware Epyc 7F32 Firmware Epyc 7F52 Firmware Epyc 7F72 Firmware Ryzen 3 3100 Firmware Ryzen 5 3400G Firmware Ryzen 5 3450G Firmware Ryzen 5 3600 Firmware Ryzen 5 3600X Firmware Ryzen 5300G Firmware Ryzen 5300Ge Firmware Ryzen Threadripper 2920X Firmware Ryzen Threadripper 2950X Firmware Ryzen Threadripper 2970Wx Firmware Ryzen Threadripper 2990Wx Firmware Ryzen Threadripper 3960X Firmware Ryzen Threadripper 3970X Firmware Ryzen Threadripper Pro 5945Wx Firmware Ryzen Threadripper Pro 5955Wx Firmware Ryzen Threadripper Pro 5965Wx Firmware Ryzen Threadripper Pro 5975Wx Firmware Ryzen Threadripper Pro 5995Wx Firmware Ryzen Threadripper 3990X Firmware Ryzen Threadripper Pro 3945Wx Firmware Ryzen Threadripper Pro 3955Wx Firmware Ryzen Threadripper Pro 3975Wx Firmware Ryzen Threadripper Pro 3995Wx Firmware Ryzen 5600G Firmware Ryzen 5600Ge Firmware Ryzen 3 5425U Firmware Ryzen 3 5400U Firmware Ryzen 5600X Firmware Ryzen 5700G Firmware Ryzen 5700Ge Firmware Ryzen 5800X Firmware Ryzen 5 5600H Firmware Ryzen 5 5600Hs Firmware Ryzen 5 5600U Firmware Ryzen 5 5600X Firmware Ryzen 5 5625U Firmware Ryzen 5800X3D Firmware Ryzen 5900X Firmware Ryzen 5950X Firmware Ryzen 7 5800H Firmware Ryzen 7 5800Hs Firmware Ryzen 7 5800U Firmware Ryzen 7 5825U Firmware Ryzen Pro 5350G Firmware Ryzen Pro 5350Ge Firmware Ryzen 9 5900Hs Firmware Ryzen 9 5900Hx Firmware Ryzen 9 5980Hs Firmware Ryzen 9 5980Hx Firmware Ryzen Pro 5650G Firmware Ryzen Pro 5650Ge Firmware Ryzen Pro 5750G Firmware Ryzen Pro 5750Ge Firmware Ryzen 9 3950X Firmware Ryzen 9 3900X Firmware Ryzen 3 3300G Firmware Ryzen Pro 3200G Firmware Ryzen Pro 3200Ge Firmware Ryzen Pro 3350G Firmware Ryzen Pro 3400G Firmware Ryzen Pro 3400Ge Firmware Ryzen Pro 3600 Firmware Ryzen Pro 3700 Firmware Ryzen Pro 3900 Firmware Ryzen 7 3700X Firmware Ryzen 7 3800X Firmware Ryzen 3 3300X Firmware
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 16, 2021 - 19:15 nvd
MEDIUM 5.5

DescriptionNVD

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.

AnalysisAI

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. Affected products include: Amd Epyc 7003 Firmware, Amd Epyc 7002 Firmware, Amd Epyc 72F3 Firmware, Amd Epyc 7313 Firmware, Amd Epyc 7313P Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-26335 HIGH
7.8 Nov 16

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to us

CVE-2021-26331 HIGH
7.8 Nov 16

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox ent

CVE-2021-26315 HIGH
7.8 Nov 16

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW,

CVE-2023-20531 HIGH
7.5 Jan 11

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value

CVE-2023-20530 HIGH
7.5 Jan 11

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resul

CVE-2023-20529 HIGH
7.5 Jan 11

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value poten

CVE-2023-20527 MEDIUM
6.5 Jan 11

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, po

CVE-2023-20525 MEDIUM
6.5 Jan 11

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the b

CVE-2023-20523 MEDIUM
5.7 Jan 11

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of inte

CVE-2022-23824 MEDIUM
5.5 Nov 09

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential in

CVE-2021-26336 MEDIUM
5.5 Nov 16

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result

CVE-2021-26330 MEDIUM
5.5 Nov 16

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. Rated med

Share

CVE-2021-26337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy