Amd.comAMD-SB-1021AMD Server Vulnerabilities – November 2021
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
50.1%
Bulletin ID: AMD-SB-1021 **Potential Impact:**Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below
Summary
During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), and other platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages.
CVE Details
See Below
Affected Products
1st/2nd/3rd Gen AMD EPYC™ Processors
| CVE | 1st Gen AMD EPYC™ | 2nd Gen AMD EPYC™ | 3rd Gen AMD EPYC™ |
|---|---|---|---|
| CVE-2020-12944 | ● | ● | ● |
| CVE-2020-12946 | NA | ● | ● |
| CVE-2020-12951 | ● | ● | ● |
| CVE-2020-12954 | ● | ● | ● |
| CVE-2020-12961 | NA | ● | ● |
| CVE-2020-12988 | ● | ● | ● |
| CVE-2021-26312 | ● | ● | ● |
| CVE-2021-26315 | NA | NA | ● |
| CVE-2021-26320 | ● | ● | ● |
| CVE-2021-26321 | ● | ● | ● |
| CVE-2021-26322 | ● | ● | ● |
| CVE-2021-26323 | NA | NA | ● |
| CVE-2021-26325 | NA | NA | ● |
| CVE-2021-26326 | NA | NA | ● |
| CVE-2021-26327 | NA | NA | ● |
| CVE-2021-26329 | ● | ● | ● |
| CVE-2021-26330 | ● | ● | ● |
| CVE-2021-26331 | ● | ● | ● |
| CVE-2021-26335 | ● | ● | ● |
| CVE-2021-26336 | NA | ● | ● |
| CVE-2021-26337 | NA | ● | ● |
| CVE-2021-26338 | NA | ● | ● |
Mitigation
The AGESA™ versions listed below have been released to the Original Equipment Manufacturers (OEM) to mitigate these issues. Please refer to your OEM for the BIOS update specific to your product.
| Platform | AGESA Version | Release Date |
|---|---|---|
| 1st Gen AMD EPYC™ | NaplesPI-SP3_1.0.0.G | July 23, 2021 |
| 2nd Gen AMD EPYC™ | RomePI-SP3_1.0.0.C | July 22, 2021 |
| 3rd Gen AMD EPYC™ | MilanPI-SP3_1.0.0.4 | June 26, 2021 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
50.1%