Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26331

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Published

2021-11-16T19:15:08.197

Last Modified

2024-11-21T05:56:07.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	amd	epyc_7003_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7003	-	No
Operating System	amd	epyc_7002_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7002	-	No
Operating System	amd	epyc_7001_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7001	-	No
Operating System	amd	epyc_72f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_72f3	-	No
Operating System	amd	epyc_7313_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7313	-	No
Operating System	amd	epyc_7313p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7313p	-	No
Operating System	amd	epyc_7343_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7343	-	No
Operating System	amd	epyc_73f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_73f3	-	No
Operating System	amd	epyc_7413_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7413	-	No
Operating System	amd	epyc_7443_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7443	-	No
Operating System	amd	epyc_7443p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7443p	-	No
Operating System	amd	epyc_7453_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7453	-	No
Operating System	amd	epyc_74f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_74f3	-	No
Operating System	amd	epyc_7513_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7513	-	No
Operating System	amd	epyc_7543_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7543	-	No
Operating System	amd	epyc_7543p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7543p	-	No
Operating System	amd	epyc_75f3_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_75f3	-	No
Operating System	amd	epyc_7643_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7643	-	No
Operating System	amd	epyc_7663_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7663	-	No
Operating System	amd	epyc_7713_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7713	-	No
Operating System	amd	epyc_7713p_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7713p	-	No
Operating System	amd	epyc_7763_firmware	< milanpi-sp3_1.0.0.4	Yes
Hardware	amd	epyc_7763	-	No
Operating System	amd	epyc_7232p_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7232p	-	No
Operating System	amd	epyc_7252_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7252	-	No
Operating System	amd	epyc_7262_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7262	-	No
Operating System	amd	epyc_7272_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7272	-	No
Operating System	amd	epyc_7282_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7282	-	No
Operating System	amd	epyc_7302_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7302	-	No
Operating System	amd	epyc_7302p_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7302p	-	No
Operating System	amd	epyc_7352_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7352	-	No
Operating System	amd	epyc_7402_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7402	-	No
Operating System	amd	epyc_7402p_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7402p	-	No
Operating System	amd	epyc_7452_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7452	-	No
Operating System	amd	epyc_7502_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7502	-	No
Operating System	amd	epyc_7502p_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7502p	-	No
Operating System	amd	epyc_7532_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7532	-	No
Operating System	amd	epyc_7542_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7542	-	No
Operating System	amd	epyc_7552_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7552	-	No
Operating System	amd	epyc_7642_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7642	-	No
Operating System	amd	epyc_7662_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7662	-	No
Operating System	amd	epyc_7702_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7702	-	No
Operating System	amd	epyc_7702p_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7702p	-	No
Operating System	amd	epyc_7742_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7742	-	No
Operating System	amd	epyc_7f32_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7f32	-	No
Operating System	amd	epyc_7f52_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7f52	-	No
Operating System	amd	epyc_7f72_firmware	< romepi-sp3_1.0.0.c	Yes
Hardware	amd	epyc_7f72	-	No
Operating System	amd	epyc_7251_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7251	-	No
Operating System	amd	epyc_7281_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7281	-	No
Operating System	amd	epyc_7301_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7301	-	No
Operating System	amd	epyc_7351_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7351	-	No
Operating System	amd	epyc_7351p_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7351p	-	No
Operating System	amd	epyc_7401_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7401	-	No
Operating System	amd	epyc_7401p_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7401p	-	No
Operating System	amd	epyc_7451_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7451	-	No
Operating System	amd	epyc_7501_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7501	-	No
Operating System	amd	epyc_7551_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7551	-	No
Operating System	amd	epyc_7551p_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7551p	-	No
Operating System	amd	epyc_7601_firmware	< naplespi-sp3_1.0.0.g	Yes
Hardware	amd	epyc_7601	-	No

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)