Lucene search

[email protected]CVE-2021-26321

HistoryNov 16, 2021 - 7:15 p.m.

CVE-2021-26321

2021-11-1619:15:07

CWE-20

CWE-77

[email protected]

web.nvd.nist.gov

cve-2021-26321

sev firmware

id command validation

local attacker

denial of service

psp

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.

Affected configurations

NVD

Node

amdepyc_7601_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7601Match-

Node

amdepyc_7551p_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7551pMatch-

Node

amdepyc_7551_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7551Match-

Node

amdepyc_7501_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7501Match-

Node

amdepyc_7451_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7451Match-

Node

amdepyc_7401_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7401Match-

Node

amdepyc_7371_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7371Match-

Node

amdepyc_7351p_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7351pMatch-

Node

amdepyc_7351_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7351Match-

Node

amdepyc_7301_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7301Match-

Node

amdepyc_7281_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7281Match-

Node

amdepyc_7261_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7261Match-

Node

amdepyc_7251_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7251Match-

Node

amdepyc_7f72_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7f72Match-

Node

amdepyc_7f52_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7f52Match-

Node

amdepyc_7f32_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7f32Match-

Node

amdepyc_7h12_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7h12Match-

Node

amdepyc_7742_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7742Match-

Node

amdepyc_7702_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7702Match-

Node

amdepyc_7702p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7702pMatch-

Node

amdepyc_7662_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7662Match-

Node

amdepyc_7642_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7642Match-

Node

amdepyc_7552_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7552Match-

Node

amdepyc_7542_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7542Match-

Node

amdepyc_7532_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7532Match-

Node

amdepyc_7502_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7502Match-

Node

amdepyc_7502p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7502pMatch-

Node

amdepyc_7452_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7452Match-

Node

amdepyc_7402_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7402Match-

Node

amdepyc_7402p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7402pMatch-

Node

amdepyc_7352_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7352Match-

Node

amdepyc_7302_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7302Match-

Node

amdepyc_7302p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7302pMatch-

Node

amdepyc_7282_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7282Match-

Node

amdepyc_7272_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7272Match-

Node

amdepyc_7262_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7262Match-

Node

amdepyc_7252_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7252Match-

Node

amdepyc_7232p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7232pMatch-

Node

amdepyc_7763_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7763Match-

Node

amdepyc_7713p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7713pMatch-

Node

amdepyc_7713_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7713Match-

Node

amdepyc_7663_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7663Match-

Node

amdepyc_7643_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7643Match-

Node

amdepyc_75f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_75f3Match-

Node

amdepyc_7543p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7543pMatch-

Node

amdepyc_7543_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7543Match-

Node

amdepyc_7513_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7513Match-

Node

amdepyc_7453_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7453Match-

Node

amdepyc_74f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_74f3Match-

Node

amdepyc_7443p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7443pMatch-

Node

amdepyc_7443_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7443Match-

Node

amdepyc_7413_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7413Match-

Node

amdepyc_73f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_73f3Match-

Node

amdepyc_7343_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7343Match-

Node

amdepyc_7313p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7313pMatch-

Node

amdepyc_7313_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7313Match-

Node

amdepyc_72f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_72f3Match-

CPENameOperatorVersion
amd:epyc_7601_firmwareamd epyc 7601 firmwareltnaplespi-sp3_1.0.0.g

CPE	Name	Operator	Version
amd:epyc_7601_firmware	amd epyc 7601 firmware	lt	naplespi-sp3_1.0.0.g

CNA Affected

[
  {
    "product": "1st Gen AMD EPYC™",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "NaplesPI-SP3_1.0.0.G",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "2nd Gen AMD EPYC™",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "RomePI-SP3_1.0.0.C",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "3rd Gen AMD EPYC™",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "MilanPI-SP3_1.0.0.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-26321

prion1 nvd1 cnvd1 cvelist1 amd1