Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26331

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 116 products from amd, from amd, from amd and 113 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-11-16T19:15:08.197

Last Modified

2024-11-21T05:56:07.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System amd epyc_7003_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7003 - No
Operating System amd epyc_7002_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7002 - No
Operating System amd epyc_7001_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7001 - No
Operating System amd epyc_72f3_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_72f3 - No
Operating System amd epyc_7313_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7313 - No
Operating System amd epyc_7313p_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7313p - No
Operating System amd epyc_7343_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7343 - No
Operating System amd epyc_73f3_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_73f3 - No
Operating System amd epyc_7413_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7413 - No
Operating System amd epyc_7443_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7443 - No
Operating System amd epyc_7443p_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7443p - No
Operating System amd epyc_7453_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7453 - No
Operating System amd epyc_74f3_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_74f3 - No
Operating System amd epyc_7513_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7513 - No
Operating System amd epyc_7543_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7543 - No
Operating System amd epyc_7543p_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7543p - No
Operating System amd epyc_75f3_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_75f3 - No
Operating System amd epyc_7643_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7643 - No
Operating System amd epyc_7663_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7663 - No
Operating System amd epyc_7713_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7713 - No
Operating System amd epyc_7713p_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7713p - No
Operating System amd epyc_7763_firmware < milanpi-sp3_1.0.0.4 Yes
Hardware amd epyc_7763 - No
Operating System amd epyc_7232p_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7232p - No
Operating System amd epyc_7252_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7252 - No
Operating System amd epyc_7262_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7262 - No
Operating System amd epyc_7272_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7272 - No
Operating System amd epyc_7282_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7282 - No
Operating System amd epyc_7302_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7302 - No
Operating System amd epyc_7302p_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7302p - No
Operating System amd epyc_7352_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7352 - No
Operating System amd epyc_7402_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7402 - No
Operating System amd epyc_7402p_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7402p - No
Operating System amd epyc_7452_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7452 - No
Operating System amd epyc_7502_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7502 - No
Operating System amd epyc_7502p_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7502p - No
Operating System amd epyc_7532_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7532 - No
Operating System amd epyc_7542_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7542 - No
Operating System amd epyc_7552_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7552 - No
Operating System amd epyc_7642_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7642 - No
Operating System amd epyc_7662_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7662 - No
Operating System amd epyc_7702_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7702 - No
Operating System amd epyc_7702p_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7702p - No
Operating System amd epyc_7742_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7742 - No
Operating System amd epyc_7f32_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7f32 - No
Operating System amd epyc_7f52_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7f52 - No
Operating System amd epyc_7f72_firmware < romepi-sp3_1.0.0.c Yes
Hardware amd epyc_7f72 - No
Operating System amd epyc_7251_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7251 - No
Operating System amd epyc_7281_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7281 - No
Operating System amd epyc_7301_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7301 - No
Operating System amd epyc_7351_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7351 - No
Operating System amd epyc_7351p_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7351p - No
Operating System amd epyc_7401_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7401 - No
Operating System amd epyc_7401p_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7401p - No
Operating System amd epyc_7451_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7451 - No
Operating System amd epyc_7501_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7501 - No
Operating System amd epyc_7551_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7551 - No
Operating System amd epyc_7551p_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7551p - No
Operating System amd epyc_7601_firmware < naplespi-sp3_1.0.0.g Yes
Hardware amd epyc_7601 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For amd's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.