Amd.com AMD-SB-1021
Nov 08, 2021 - 12:00 a.m.

AMD Server Vulnerabilities – November 2021

CVSS2: 7.8
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.9
Confidence: High

EPSS: 0.002
Percentile: 54.2%

Bulletin ID: AMD-SB-1021
Potential Impact: Varies by CVE, see descriptions below
Severity: Varies by CVE, see descriptions below

Summary

During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), and other platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages.

CVE Details

See Below

Affected Products

1st/2nd/3rd Gen AMD EPYC™ Processors

CVE 1st Gen AMD EPYC™ 2nd Gen AMD EPYC™ 3rd Gen AMD EPYC™
CVE-2020-12944
CVE-2020-12946 NA
CVE-2020-12951
CVE-2020-12954
CVE-2020-12961 NA
CVE-2020-12988
CVE-2021-26312
CVE-2021-26315 NA NA
CVE-2021-26320
CVE-2021-26321
CVE-2021-26322
CVE-2021-26323 NA NA
CVE-2021-26325 NA NA
CVE-2021-26326 NA NA
CVE-2021-26327 NA NA
CVE-2021-26329
CVE-2021-26330
CVE-2021-26331
CVE-2021-26335
CVE-2021-26336 NA
CVE-2021-26337 NA
CVE-2021-26338 NA

Mitigation

The AGESA™ versions listed below have been released to the Original Equipment Manufacturers (OEM) to mitigate these issues. Please refer to your OEM for the BIOS update specific to your product.

| Platform | AGESA Version | Release Date |
| --- | --- | --- |
| 1st Gen AMD EPYC™ | NaplesPI-SP3_1.0.0.G | July 23, 2021 |
| 2nd Gen AMD EPYC™ | RomePI-SP3_1.0.0.C | July 22, 2021 |
| 3rd Gen AMD EPYC™ | MilanPI-SP3_1.0.0.4 | June 26, 2021 |
