Lucene search

K
amdAmd.comAMD-SB-1031
HistoryJan 10, 2023 - 12:00 a.m.

AMD Client Vulnerabilities – January 2023

2023-01-1000:00:00
amd.com
www.amd.com
11

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

7.2%

Bulletin ID: AMD-SB-1031 **Potential Impact:**Varies by CVE, see descriptions below **Severity:**Varies by CVE, see descriptions below

Summary

In collaboration with various third parties, AMD platforms were audited for potential security exposures. Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered and are being mitigated in AGESA™ PI software packages associated with AMD Athlon™ Processors, Ryzen™ Processors and Threadripper™ Processors.

CVE Details

Refer to Glossary for explanation of terms

CVE Severity Description
CVE‑2021‑26316 High Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
CVE‑2021‑26346 Medium Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
CVE‑2021‑46795 Low A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

Mitigation

The AGESA™ versions listed below have been released to the Original Equipment Manufacturers (OEM) to mitigate these issues. Please refer to your OEM for the BIOS update specific to your product.

DESKTOP

CVE|AMD Ryzen™ 2000 series Desktop Processors
“Raven Ridge” AM4
|AMD Ryzen™ 2000 Series Desktop Processors
“Pinnacle Ridge”
|AMD Ryzen™ 3000 Series Desktop Processors
“Matisse” AM4
|AMD Ryzen™ 5000 Series Desktop Processors
“Vermeer” AM4
|AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
“Cezanne” AM4

—|—|—|—|—|—
Minimum version to mitigate all listed CVEs|Raven-FP5-AM4 1.1.0.D
ComboAM4PI 1.0.0.8
ComboAM4v2 PI 1.2.0.4
PinnaclePI-AM4 1.0.0.C
|PinnaclePI-AM4 1.0.0.C
ComboAM4PI 1.0.0.8
ComboAM4v2 PI 1.2.0.4
|N/A|N/A|ComboAM4v2 PI 1.2.0.8
CVE‑2021‑26316| Raven-FP5-AM4 1.1.0.D
ComboAM4PI 1.0.0.8
ComboAM4v2 PI 1.2.0.4
PinnaclePI-AM4 1.0.0.C| PinnaclePI-AM4 1.0.0.C
ComboAM4PI 1.0.0.8
ComboAM4v2 PI 1.2.0.4| N/A| N/A| ComboAM4v2 PI 1.2.0.4
CVE‑2021‑26346| N/A| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.8
CVE‑2021‑46795| N/A| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5

HIGH END DESKTOP

CVE|2nd Gen AMD Ryzen™ Threadripper™ Processors
“Colfax”
|3rd Gen AMD Ryzen™ Threadripper™ Processors
“Castle Peak” HEDT

—|—|—
Minimum version to mitigate all listed CVEs|SummitPI-SP3r2 1.1.0.5|CastlePeakPI-SP3r3 1.0.0.6
CVE‑2021‑26316| SummitPI-SP3r2 1.1.0.5| CastlePeakPI-SP3r3 1.0.0.6
CVE‑2021‑26346| N/A| N/A
CVE‑2021‑46795| N/A| N/A

WORKSTATION

CVE|AMD Ryzen™ Threadripper™ PRO Processors
“Castle Peak” WS
|AMD Ryzen™ Threadripper™ PRO Processors
“Chagall” WS

—|—|—
Minimum version to mitigate all listed CVEs|CastlePeakWSPI-sWRX8 1.0.0.7
ChagallWSPI-sWRX8 0.0.9.0
|N/A
CVE‑2021‑26316| CastlePeakWSPI-sWRX8 1.0.0.7
ChagallWSPI-sWRX8 0.0.9.0| N/A
CVE‑2021‑26346| N/A| N/A
CVE‑2021‑46795| N/A| N/A

MOBILE - AMD Athlon™ Series

CVE|AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
“Dali”/”Dali” ULP
|AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
“Pollock”

—|—|—
Minimum version to mitigate all listed CVEs|PicassoPI-FP5 1.0.0.D|PollockPI-FT5 1.0.0.3
CVE‑2021‑26316| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.3
CVE‑2021‑26346| N/A| N/A
CVE‑2021‑46795| N/A| N/A

MOBILE - AMD Ryzen™ Series

CVE|AMD Ryzen™ 2000 Series Mobile Processors
“Raven Ridge” FP5
|AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics
“Picasso”
|AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
“Renoir” FP6
|AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
“Lucienne”
|AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
“Cezanne”
|AMD Ryzen™ 6000 Series Mobile Processors
“Rembrandt”

—|—|—|—|—|—|—
Minimum version to mitigate all listed CVEs|N/A|PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4|RenoirPI-FP6 1.0.0.9
ComboAM4v2 PI 1.2.0.8
|CezannePI-FP6 1.0.0.B|CezannePI-FP6 1.0.0.B|N/A
CVE‑2021‑26316| N/A| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4| RenoirPI-FP6 1.0.0.7 ComboAM4v2 PI 1.2.0.4| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A
CVE‑2021‑26346| N/A| N/A| RenoirPI-FP6 1.0.0.9
ComboAM4v2 PI 1.2.0.8| CezannePI-FP6 1.0.0.B| CezannePI-FP6 1.0.0.B| N/A
CVE‑2021‑46795| N/A| N/A| RenoirPI-FP6 1.0.0.7 ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

7.2%

Related for AMD-SB-1031