Lucene search

[email protected]CVE-2021-26330

HistoryNov 16, 2021 - 7:15 p.m.

CVE-2021-26330

2021-11-1619:15:08

CWE-787

CWE-122

[email protected]

web.nvd.nist.gov

cve-2021-26330

amd

smu

heap-based overflow

resource loss

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.

Affected configurations

NVD

Node

amdepyc_7003_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7003Match-

Node

amdepyc_7002_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7002Match-

Node

amdepyc_7001_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7001Match-

Node

amdepyc_72f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_72f3Match-

Node

amdepyc_7313_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7313Match-

Node

amdepyc_7313p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7313pMatch-

Node

amdepyc_7343_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7343Match-

Node

amdepyc_73f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_73f3Match-

Node

amdepyc_7413_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7413Match-

Node

amdepyc_7443_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7443Match-

Node

amdepyc_7443p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7443pMatch-

Node

amdepyc_7453_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7453Match-

Node

amdepyc_74f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_74f3Match-

Node

amdepyc_7513_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7513Match-

Node

amdepyc_7543_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7543Match-

Node

amdepyc_7543p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7543pMatch-

Node

amdepyc_75f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_75f3Match-

Node

amdepyc_7643_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7643Match-

Node

amdepyc_7663_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7663Match-

Node

amdepyc_7713_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7713Match-

Node

amdepyc_7713p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7713pMatch-

Node

amdepyc_7763_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7763Match-

Node

amdepyc_7232p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7232pMatch-

Node

amdepyc_7252_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7252Match-

Node

amdepyc_7262_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7262Match-

Node

amdepyc_7272_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7272Match-

Node

amdepyc_7282_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7282Match-

Node

amdepyc_7302_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7302Match-

Node

amdepyc_7302p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7302pMatch-

Node

amdepyc_7352_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7352Match-

Node

amdepyc_7402_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7402Match-

Node

amdepyc_7402p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7402pMatch-

Node

amdepyc_7452_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7452Match-

Node

amdepyc_7502_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7502Match-

Node

amdepyc_7502p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7502pMatch-

Node

amdepyc_7532_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7532Match-

Node

amdepyc_7542_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7542Match-

Node

amdepyc_7552_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7552Match-

Node

amdepyc_7642_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7642Match-

Node

amdepyc_7662_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7662Match-

Node

amdepyc_7702_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7702Match-

Node

amdepyc_7702p_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7702pMatch-

Node

amdepyc_7742_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7742Match-

Node

amdepyc_7f32_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7f32Match-

Node

amdepyc_7f52_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7f52Match-

Node

amdepyc_7f72_firmwareRange<romepi-sp3_1.0.0.c

AND

amdepyc_7f72Match-

Node

amdepyc_7251_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7251Match-

Node

amdepyc_7281_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7281Match-

Node

amdepyc_7301_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7301Match-

Node

amdepyc_7351_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7351Match-

Node

amdepyc_7351p_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7351pMatch-

Node

amdepyc_7401_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7401Match-

Node

amdepyc_7401p_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7401pMatch-

Node

amdepyc_7451_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7451Match-

Node

amdepyc_7501_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7501Match-

Node

amdepyc_7551_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7551Match-

Node

amdepyc_7551p_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7551pMatch-

Node

amdepyc_7601_firmwareRange<naplespi-sp3_1.0.0.g

AND

amdepyc_7601Match-

CPENameOperatorVersion
amd:epyc_7003_firmwareamd epyc 7003 firmwareltmilanpi-sp3_1.0.0.4

CPE	Name	Operator	Version
amd:epyc_7003_firmware	amd epyc 7003 firmware	lt	milanpi-sp3_1.0.0.4

CNA Affected

[
  {
    "product": "1st Gen AMD EPYC™",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "NaplesPI-SP3_1.0.0.G",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "2nd Gen AMD EPYC™",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "RomePI-SP3_1.0.0.C",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "3rd Gen AMD EPYC™",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "MilanPI-SP3_1.0.0.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2021-26330

cvelist1 prion1 nvd1 amd1