CVE-2021-26402

CVSS V2 None CVSS V3 None

Description

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.

Overview

CVE ID
CVE-2021-26402

Assigner
psirt@amd.com

Vulnerability Status
Analyzed

Published Version
2023-01-11T08:15:11

Last Modified Date
2023-01-18T23:15:57

Weakness Enumerations

CWE	URL
CWE-787	http://cwe.mitre.org/data/definitions/787.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:amd:epyc_7h12_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7h12:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7f72_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7f72:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7f52_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7f52:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7f32_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7f32:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7742_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7742:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7702p_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7702p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7702_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7702:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7662_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7662:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7642_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7642:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7552_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7552:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7542_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7542:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7532_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7532:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7502p_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7502p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7502_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7502:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7452_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7452:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7402_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7402:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7402p_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7402p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7352_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7352:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7302p_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7302p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7302_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7302:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7282_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7282:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7272_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7272:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7262_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7262:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7252_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7252:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7232p_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7232p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7002_firmware::::::::	1	OR	romepi_1.0.0.c
cpe:2.3:h:amd:epyc_7002:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7003_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7003:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_72f3_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_72f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7313_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7313:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7313p_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7313p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7343_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7343:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7373x_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7373x:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_73f3_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_73f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7413_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7413:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7443_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7443:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7443p_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7443p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7453_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7453:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_74f3_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_74f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7513_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7513:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7543_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7543:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7543p_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7543p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7573x_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7573x:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_75f3_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_75f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7643_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7643:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7663_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7663:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7713_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7713:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7713p_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7713p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7743_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7743:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7763_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7763:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7773x_firmware::::::::	1	OR	milanpi_1.0.0.4
cpe:2.3:h:amd:epyc_7773x:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-26402
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26402

History

Created	Old Value	New Value	Data Type	Notes
2023-01-12 05:17:10				Added to TrackCVE
2023-01-17 15:15:00	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-19 00:18:22		2023-01-18T23:15:57	CVE Modified Date	updated
2023-01-19 00:18:22	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-19 00:18:22			Weakness Enumeration	new
2023-01-19 00:18:27			CPE Information	updated