Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26315

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.

Published

2021-11-16T19:15:07.703

Last Modified

2024-11-21T05:56:04.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-345
Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	amd	epyc_7003_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7003	-	No
Operating System	amd	epyc_72f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_72f3	-	No
Operating System	amd	epyc_7313_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7313	-	No
Operating System	amd	epyc_7313p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7313p	-	No
Operating System	amd	epyc_7343_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7343	-	No
Operating System	amd	epyc_73f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_73f3	-	No
Operating System	amd	epyc_7413_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7413	-	No
Operating System	amd	epyc_7443_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7443	-	No
Operating System	amd	epyc_7443p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7443p	-	No
Operating System	amd	epyc_7453_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7453	-	No
Operating System	amd	epyc_74f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_74f3	-	No
Operating System	amd	epyc_7513_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7513	-	No
Operating System	amd	epyc_7543_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7543	-	No
Operating System	amd	epyc_7543p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7543p	-	No
Operating System	amd	epyc_75f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_75f3	-	No
Operating System	amd	epyc_7643_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7643	-	No
Operating System	amd	epyc_7663_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7663	-	No
Operating System	amd	epyc_7713_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7713	-	No
Operating System	amd	epyc_7713p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7713p	-	No
Operating System	amd	epyc_7763_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7763	-	No

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)