amd.com, AMD-SB-5001
Feb 13, 2024 - 12:00 a.m.

AMD Embedded Processors Vulnerabilities – February 2024

Tags: amd embedded processors, vulnerabilities, platform initialization, firmware packages, cve details, severity, privilege escalation, code execution, denial-of-service, confidentiality, integrity, memory validation, address validation, race condition

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8 High (Confidence: High)

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.013 Low (Percentile: 85.8%)

Bulletin ID: AMD-SB-5001
Potential Impact: Varies by CVE, see descriptions below
Severity: Varies by CVE, see descriptions below

Summary

Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages.

CVE Details

Refer to Glossary for explanation of terms

CVE Severity CVE Description
CVE-2020-12930 High Improper parameters handling in AMD Platform Security Processor (PSP) [1] drivers may allow a privileged attacker to elevate their privileges.
CVE-2020-12931 High Improper parameters handling in the AMD Platform Security Processor (PSP) [1] kernel may allow a privileged attacker to elevate their privileges.
CVE-2021-46757 High Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.
CVE-2022-23820 High Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
CVE-2022-23821 High Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
CVE-2023-20563 High Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
CVE-2023-20565 High Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
CVE-2021-26392 Medium Insufficient verification of missing size check in ‘LoadModule’ may lead to an out-of-bounds write allowing an attacker with privileges to gain code execution of the secure OS/kernel by loading a malicious TA.
CVE-2021-26393 Medium Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker-controlled data resulting in a loss of confidentiality.
CVE-2021-46754 Medium Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.
CVE-2021-46774 Medium Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
CVE-2023-20533 Medium Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
CVE-2023-20566 Medium Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
CVE-2023-20571 Medium A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
CVE-2021-26345 Low Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
CVE-2021-46762 Low Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
CVE-2021-46766 Low Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
CVE-2022-23830 Low SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
CVE-2023-20521 Low TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
CVE-2023-20526 Low Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
[1] AMD Platform Secure Processor (PSP) is now known as AMD Secure Processor (ASP).

Affected Products and Mitigation

AMD recommends updating to the Platform Initialization (PI) firmware version indicated below.

CVE | Severity | AMD EPYC™ Embedded 3000 | AMD EPYC™ Embedded 7002 | AMD EPYC™ Embedded 7003 | AMD EPYC™ Embedded 9003
Minimum version to mitigate all listed CVEs | SnowyOwl PI 1.1.0.8 (2021-12-24) | EmbRomePI-SP3 1.0.0.A (2023-07-31) | EmbMilanPI-SP3 1.0.0.7 (2023-07-31) | EmbGenoaPI-SP5 1.0.0.2 (2023-08-04)
CVE-2020-12930 | High | Not affected | Not affected | Not affected
CVE-2020-12931 | High | Not affected | Not affected | Not affected
CVE-2021-46757 | High | Not affected | Not affected | Not affected
CVE-2022-23820 | High | Not affected | Not affected | EmbMilanPI-SP3 1.0.0.1 (2021-07-30) | Not affected
CVE-2022-23821 | High | Not affected | Not affected | Not affected
CVE-2023-20563 | High | Not affected | Not affected | Not affected
CVE-2023-20565 | High | Not affected | Not affected | Not affected
CVE-2021-26392 | Medium | Not affected | Not affected | Not affected
CVE-2021-26393 | Medium | Not affected | Not affected | Not affected
CVE-2021-46754 | Medium | Not affected | Not affected | Not affected
CVE-2021-46774 | Medium | SnowyOwl PI 1.1.0.7 (2021-10-29) | EmbRomePI-SP3 1.0.0.8 (2022-07-29) | EmbMilanPI-SP3 1.0.0.5 (2022-07-29) | Not affected
CVE-2023-20533 | Medium | Not affected | EmbRomePI-SP3 1.0.0.7 (2022-01-31) | EmbMilanPI-SP3 1.0.0.2 (2021-10-29) | Not affected
CVE-2023-20566 | Medium | Not affected | Not affected | EmbMilanPI-SP3 1.0.0.7 (2023-07-31) | EmbGenoaPI-SP5 1.0.0.2 (2023-08-04)
CVE-2023-20571 | Medium | Not affected | Not affected | Not affected
CVE-2021-26345 | Low | Not affected | EmbRomePI-SP3 1.0.0.9 (2022-12-31) | EmbMilanPI-SP3 1.0.0.6 (2022-12-12) | Not affected
CVE-2021-46762 | Low | Not affected | EmbRomePI-SP3 1.0.0.8 (2022-07-29) | EmbMilanPI-SP3 1.0.0.5 (2022-07-29) | Not affected
CVE-2021-46766 | Low | Not affected | Not affected | Not affected | 1.0.0.2 (2023-08-04)
CVE-2022-23830 | Low | Not affected | Not affected | EmbMilanPI-SP3 1.0.0.6 (2022-12-12) | Not affected
CVE-2023-20521 | Low | SnowyOwl PI 1.1.0.8 (2021-12-24) | EmbRomePI-SP3 1.0.0.7 (2022-01-31) | EmbMilanPI-SP3 1.0.0.3 (2022-01-31) | Not affected
CVE-2023-20526 | Low | SnowyOwl PI 1.1.0.8 (2021-12-24) | EmbRomePI-SP3 1.0.0.7 (2022-01-31) | EmbMilanPI-SP3 1.0.0.2 (2021-10-29) | Not affected

CVE | Severity | AMD Ryzen™ Embedded R1000 | AMD Ryzen™ Embedded R2000 | AMD Ryzen™ Embedded 5000
Minimum version to mitigate all listed CVEs | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.0.0.2 (2023-07-31) | EmbAM4PI 1.0.0.3 (2023-07-31)
CVE-2020-12930 | High | EmbeddedPI-FP5 1.0.1.0 (2023-07-31) | EmbeddedPI-FP5 1.0.1.0 (2023-07-31) | EmbAM4PI 1.0.0.2 (2022-10-31)
CVE-2020-12931 | High | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.0.0.2 (2023-07-31) | EmbAM4PI 1.0.0.0 (2022-04-29)
CVE-2021-46757 | High | Not affected | Not affected | 1.0.0.0 (2022-04-29)
CVE-2022-23820 | High | Not affected | Not affected
CVE-2022-23821 | High | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.0.0.2 (2023-07-31) | EmbAM4PI 1.0.0.2 (2022-10-31)
CVE-2023-20563 | High | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.0.0.2 (2023-07-31) | EmbAM4PI 1.0.0.3 (2023-07-31)
CVE-2023-20565 | High | Not affected | Not affected
CVE-2021-26392 | Medium | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.0.0.2 (2023-07-31) | EmbAM4PI 1.0.0.2 (2022-10-31)
CVE-2021-26393 | Medium | EmbeddedPI-FP5 1.2.0.9 (2022-07-29) | EmbeddedPI-FP5 1.0.0.1 (2022-07-29) | Not affected
CVE-2021-46754 | Medium | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.0.0.2 (2023-07-31) | Not affected
CVE-2021-46774 | Medium | Not affected | Not affected | 1.0.0.0 (2022-04-29)
CVE-2023-20533 | Medium | Not affected | Not affected | 1.0.0.3 (2023-07-31)
CVE-2023-20566 | Medium | Not affected | Not affected | Not affected
CVE-2023-20571 | Medium | Not affected | Not affected | Not affected
CVE-2021-26345 | Low | Not affected | Not affected | Not affected
CVE-2021-46762 | Low | Not affected | Not affected | Not affected
CVE-2021-46766 | Low | Not affected | Not affected | Not affected
CVE-2022-23830 | Low | Not affected | Not affected | Not affected
CVE-2023-20521 | Low | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.0.0.2 (2023-07-31) | Not affected
CVE-2023-20526 | Low | Not affected | Not affected | Not affected

CVE | Severity | AMD Ryzen™ Embedded V1000 | AMD Ryzen™ Embedded V2000 | AMD Ryzen™ Embedded V3000
Minimum version to mitigate all listed CVEs | All V1000 OPNs excluding YE1500C4T4MFH | YE1500C4T4MFH | EmbeddedPI-FP6 1.0.0.8 (2023-07-31) | EmbeddedPI-FP7r2 1.0.0.5 (2023-07-28)
EmbeddedPI-FP5 1.2.0.A (2023-07-31)
CVE-2020-12930 | High | EmbeddedPI-FP5 1.0.1.0 (2023-07-31) | EmbeddedPI-FP5 1.0.1.0 (2023-07-31) | EmbeddedPI-FP6 1.0.0.6 (2022-04-29) | Not affected
CVE-2020-12931 | High | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | Not affected | Not affected
CVE-2021-46757 | High | Not affected | Not affected | 1.0.0.6 (2022-04-29) | Not affected
CVE-2022-23820 | High | Not affected | Not affected
CVE-2022-23821 | High | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP6 1.0.0.8 (2023-07-31) | EmbeddedPI-FP7r2 1.0.0.0 (2022-04-29)
CVE-2023-20563 | High | Not affected | Not affected | 1.0.0.6 (2023-09-15)
CVE-2023-20565 | High | Not affected | Not affected | 1.0.0.5 (2023-07-28)
CVE-2021-26392 | Medium | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP6 1.0.0.6 (2022-04-29) | EmbeddedPI-FP7r2 1.0.0.0 (2022-04-29)
CVE-2021-26393 | Medium | EmbeddedPI-FP5 1.2.0.9 (2022-07-29) | EmbeddedPI-FP5 1.2.0.9 (2022-07-29) | EmbeddedPI-FP6 1.0.0.6 (2022-04-29) | Not affected
CVE-2021-46754 | Medium | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP6 1.0.0.6 (2022-04-29) | Not affected
CVE-2021-46774 | Medium | Not affected | Not affected
CVE-2023-20533 | Medium | Not affected | Not affected
CVE-2023-20566 | Medium | Not affected | Not affected
CVE-2023-20571 | Medium | Not affected | Not affected | 1.0.0.5 (2023-07-28)
CVE-2021-26345 | Low | Not affected | Not affected
CVE-2021-46762 | Low | Not affected | Not affected
CVE-2021-46766 | Low | Not affected | Not affected
CVE-2022-23830 | Low | Not affected | Not affected
CVE-2023-20521 | Low | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | EmbeddedPI-FP5 1.2.0.A (2023-07-31) | Not affected | Not affected
CVE-2023-20526 | Low | Not affected | Not affected
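
A fleet check against the "Minimum version to mitigate all listed CVEs" row for the EPYC Embedded families, as an added example that is not part of AMD's bulletin. The inventory records are constructed, and reading each dotted version field as a single character ordered 0-9 then A-Z is an assumption that matches the release dates listed above (EmbRomePI-SP3 1.0.0.9 precedes 1.0.0.A).

```python
import re

# "Minimum version to mitigate all listed CVEs" for the EPYC Embedded
# families, copied from the bulletin: product -> (PI package, version).
MINIMUM_PI = {
    "EPYC Embedded 3000": ("SnowyOwl PI", "1.1.0.8"),
    "EPYC Embedded 7002": ("EmbRomePI-SP3", "1.0.0.A"),
    "EPYC Embedded 7003": ("EmbMilanPI-SP3", "1.0.0.7"),
    "EPYC Embedded 9003": ("EmbGenoaPI-SP5", "1.0.0.2"),
}

# Four single-character fields; anything else is sent to manual review.
_VERSION = re.compile(r"^[0-9A-Z](\.[0-9A-Z]){3}$")

def parse_pi_version(text):
    """Return a comparable tuple, ordering each field 0-9 then A-Z (assumption)."""
    text = text.strip().upper()
    if not _VERSION.match(text):
        raise ValueError(f"unrecognised PI version: {text!r}")
    return tuple(int(field, 36) for field in text.split("."))

def check_host(product, package, version):
    """Classify one inventory record as 'ok', 'update' or 'review'."""
    if product not in MINIMUM_PI:
        return "review"      # family not covered by this table
    want_pkg, want_ver = MINIMUM_PI[product]
    if package.strip().lower() != want_pkg.lower():
        return "review"      # versions of different PI packages do not compare
    try:
        have = parse_pi_version(version)
    except ValueError:
        return "review"      # unreadable version string, check by hand
    return "ok" if have >= parse_pi_version(want_ver) else "update"

# Constructed inventory: (host, product, reported PI package, reported version).
INVENTORY = [
    ("edge-01", "EPYC Embedded 7002", "EmbRomePI-SP3", "1.0.0.9"),
    ("edge-02", "EPYC Embedded 7002", "EmbRomePI-SP3", "1.0.0.a"),
    ("edge-03", "EPYC Embedded 7003", "EmbMilanPI-SP3", "1.0.0.7"),
    ("edge-04", "EPYC Embedded 3000", "SnowyOwl PI", "1.1.0.7"),
    ("edge-05", "EPYC Embedded 9003", "EmbMilanPI-SP3", "1.0.0.7"),
    ("edge-06", "EPYC Embedded 7003", "EmbMilanPI-SP3", "unknown"),
]

def audit(inventory):
    """Map each host name to its status."""
    return {host: check_host(prod, pkg, ver) for host, prod, pkg, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Records that land in "review" carry a package name or version string the table cannot be compared against, so they need a manual check rather than a pass.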
