Amd.comAMD-SB-5002AMD Embedded Processors Vulnerabilities – Aug 2024
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
16.3%
Bulletin ID: AMD-SB-5002 **Potential Impact:**Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below
Summary
Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages.
CVE Details
Refer to Glossary for explanation of terms
| CVE | Severity | CVE Description |
|---|---|---|
| CVE-2022-23815 | 7.5 (High)AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry potentially leading to arbitrary code execution. |
| CVE-2023-20578 | 7.5 (High)AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer, potentially resulting in arbitrary code execution. |
| CVE-2021-26344 | 7.2 (High)AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H | An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution. |
| CVE-2022-23817 | 7.0 (High) AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation. |
| CVE-2023-20591 | 6.5 (Medium)AV:N /AC:H/PR:N/UI:N/S:C/ C:L/I:L/A:L | Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. |
| CVE-2021-26367 | 5.7 (Medium)AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H | A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability. |
| CVE-2024-21981 | 5.7 (Medium)AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N | Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. |
| CVE-2021-46746 | 5.2 (Medium)AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H | Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to corrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. |
| CVE-2021-26387 | 3.9 (Low)AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L | Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. |
| CVE-2021-46772 | 3.9 (Low)AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L | Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. |
| CVE-2023-20518 | 1.6 (Low)AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N | Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. |
Affected Products and Mitigation
AMD recommends updating to the Platform Initialization (PI) firmware version indicated below.
CVE
| AMD EPYC™ Embedded 3000|AMD EPYC™ Embedded 7002|AMD EPYC™ Embedded 7003|AMD EPYC™ Embedded 9003
—|—|—|—|—
For mitigation purposes, AMD recommends updating to this minimum firmwareversion to mitigate all listed CVEs| SnowyOwl PI1.1.0.A(2023-07-31)| EmbRomePI-SP31.0.0.A(2023-07-31)| EmbMilanPI-SP31.0.0.7(2023-07-31)| EmbGenoaPI-SP51.0.0.3(2023-09-15)
CVE-2021-26344| High| No fix planned1| EmbRomePI-SP31.0.0.6(2021-10-29)| EmbMilanPI-SP31.0.0.2(2021-10-29)| Not affected
CVE-2022-23815| High| Not affected| Not affected| Not affected| Not affected
CVE-2022-23817| High| Not affected| Not affected| Not affected| Not affected
CVE-2023-20578| High| SnowyOwl PI1.1.0.A(2023-07-31)| EmbRomePI-SP31.0.0.A(2023-07-31)| EmbMilanPI-SP31.0.0.7(2023-07-31)| EmbGenoaPI-SP51.0.0.0(2023-04-28)
CVE-2021-26367| Medium| Not affected| Not affected| Not affected| Not affected
CVE-2021-46746| Medium| No fix planned3| No fix planned| No fix planned| No fix planned
CVE-2023-20591| Medium| Not affected| Not affected| EmbMilanPI-SP31.0.0.7(2023-07-31)| EmbGenoaPI-SP51.0.0.3(2023-09-15)
CVE-2024-21981| Medium| No fix planned2| No fix planned| No fix planned| No fix planned
CVE-2021-26387| Low| No fix planned3| No fix planned| No fix planned| No fix planned
CVE-2021-46772| Low| Not affected| EmbRomePI-SP31.0.0.8(2022-07-29)| EmbMilanPI-SP3 1.0.0.5(2022-07-29)| Not affected
CVE-2023-20518| Low| Not affected| Not affected| Not affected| Not affected
CVE ****|AMD Ryzen™ Embedded R1000|AMD Ryzen™ Embedded R2000|AMD Ryzen™ Embedded 5000|AMD Ryzen™ Embedded 7000
—|—|—|—|—
Minimum version to mitigate all listed CVEs| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP51.0.0.2(2023-07-31)| EmbAM4PI1.0.0.5(2024-4-15)| EmbeddedAM5PI1.0.0.0(2023-11-30)
CVE-2021-26344| High| No fix planned1| No fix planned| No fix planned| Not affected
CVE-2022-23815| 7.5 (High)| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedR2KPI-FP5 1.0.0.2(2023-07-31)| Not affected| Not affected
CVE-2022-23817| High| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedR2KPI-FP5 1.0.0.2(2023-07-31)| EmbAM4PI1.0.0.2(2022-10-31)| EmbeddedAM5PI1.0.0.0(2023-11-30)
CVE-2023-20578| High| Not affected| Not affected| Not affected| EmbeddedAM5PI1.0.0.0(2023-11-30)
CVE-2021-26367| Medium| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedR2KPI-FP5 1.0.0.2(2023-07-31)| Not affected| Not affected
CVE-2021-46746| Medium| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedR2KPI-FP5 1.0.0.2(2023-07-31)| EmbAM4PI1.0.0.2(2022-10-31)| EmbeddedAM5PI1.0.0.0(2023-11-30)
CVE-2023-20591| Medium| Not affected| Not affected| Not affected| Not affected
CVE-2024-21981| Medium| No fix planned2| No fix planned| No fix planned| Not affected
CVE-2021-26387| Low| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedR2KPI-FP5 1.0.0.2(2023-07-31)| EmbAM4PI1.0.0.2(2022-10-31)| Not affected
CVE-2021-46772| Low| No fix planned| No fix planned| No fix planned| Not affected
CVE-2023-20518| Low| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedR2KPI-FP5 1.0.0.2(2023-07-31)| EmbAM4PI1.0.0.3(2023-07-31)| EmbeddedAM5PI1.0.0.0(2023-11-30)
CVE
| AMD Ryzen™ Embedded V1000|AMD Ryzen™ Embedded V2000|AMD Ryzen™ Embedded V3000
—|—|—|—
Minimum version to mitigate all listed CVEs
| All V1000 OPNs excluding YE1500C4T4MFH| YE1500C4T4MFH| EmbeddedPI-FP6
1.0.0.9(2024-04-15)| EmbeddedPI-FP7r2
1.0.0.9(2024-04-01)
EmbeddedPI-FP51.2.0.A(2023-07-31)
CVE-2021-26344| High| No fix planned1| No fix planned| No fix planned| EmbeddedPI-FP7r21.0.0.4(2023-04-28)
CVE-2022-23815| High| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP51.2.0.A(2023-07-31)| Not affected| Not affected
CVE-2022-23817| High| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP61.0.0.8(2023-07-31)| EmbeddedPI-FP7r21.0.0.2(2022-10-31)
CVE-2023-20578| High| Not affected
| Not affected| Not affected| EmbeddedPI-FP7r21.0.0.8(2024-01-15)
CVE-2021-26367| Medium| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP61.0.0.6(2022-04-29)| Not affected
CVE-2021-46746| Medium| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP61.0.0.6(2022-04-29)| EmbeddedPI-FP7r21.0.0.2(2022-10-31)
CVE-2023-20591| Medium| Not affected| Not affected| Not affected| Not affected
CVE-2024-21981| Medium| No fix planned2| No fix planned| Not affected| Not affected
CVE-2021-26387| Low| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP51.2.0.A(2023-07-31)| EmbeddedPI-FP61.0.0.6(2022-04-29)| EmbeddedPI-FP7r21.0.0.9(2024-04-01)
CVE-2021-46772| Low| No fix planned| No fix planned| No fix planned| EmbeddedPI-FP7r21.0.0.4(2023-04-28)
CVE-2023-20518| Low| No fix planned| No fix planned| EmbeddedPI-FP61.0.0.8(2023-07-31)| EmbeddedPI-FP7r21.0.0.5(2023-07-31)
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
16.3%