Amd.comAMD-SB-3002AMD Server Vulnerabilities – Nov 2023
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.2%
Bulletin ID: AMD-SB-3002 **Potential Impact:**Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below
Summary
Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) and other platform components were discovered and mitigations have been provided in AMD EPYC™ Platform Initialization (PI) firmware packages.
Please refer to your OEM for the BIOS update specific to your product.
CVE Details
Refer to Glossary for explanation of terms
| CVE | Severity | CVE Description |
|---|---|---|
| CVE-2022-23820 | High | Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. |
| CVE-2021-46774 | Medium | Insufficient input validation in ABL may enable a privileged attacker with the ability to write to the boot image to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. |
| CVE-2023-20519 | Medium | A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest’s migration agent resulting in a potential loss of guest integrity. |
| CVE-2023-20533 | Medium | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. |
| CVE-2023-20566 | Medium | Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. |
| CVE-2021-26345 | Low | Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. |
| CVE-2021-46766 | Low | Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. |
| CVE-2022-23830 | Low | SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. |
| CVE-2023-20521 | Low | TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. |
| CVE-2023-20526 | Low | Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. |
Specific CVSS scores may change subject to your implementation. We encourage you to calculate CVSS scores independently for your system.
Affected Products
N/A
Mitigation
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.2%