CVE-2021-26315

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.

Cuando AMD Platform Security Processor (PSP) carga la rom de arranque, autentica y posteriormente descifra un FW cifrado, debido a una insuficiente verificación de la integridad de la imagen descifrada, es posible ejecutar código arbitrario en la PSP cuando son usadas imágenes de firmware cifradas

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-29 CVE Reserved
2021-11-16 CVE Published
2023-06-09 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-345: Insufficient Verification of Data Authenticity

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021	2021-11-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Amd Search vendor "Amd"	Epyc 7003 Firmware Search vendor "Amd" for product "Epyc 7003 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7003 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7003 Search vendor "Amd" for product "Epyc 7003"	-	-	Safe
Amd Search vendor "Amd"	Epyc 72f3 Firmware Search vendor "Amd" for product "Epyc 72f3 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 72f3 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 72f3 Search vendor "Amd" for product "Epyc 72f3"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7313 Firmware Search vendor "Amd" for product "Epyc 7313 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7313 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7313 Search vendor "Amd" for product "Epyc 7313"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7313p Firmware Search vendor "Amd" for product "Epyc 7313p Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7313p Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7313p Search vendor "Amd" for product "Epyc 7313p"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7343 Firmware Search vendor "Amd" for product "Epyc 7343 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7343 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7343 Search vendor "Amd" for product "Epyc 7343"	-	-	Safe
Amd Search vendor "Amd"	Epyc 73f3 Firmware Search vendor "Amd" for product "Epyc 73f3 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 73f3 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 73f3 Search vendor "Amd" for product "Epyc 73f3"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7413 Firmware Search vendor "Amd" for product "Epyc 7413 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7413 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7413 Search vendor "Amd" for product "Epyc 7413"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7443 Firmware Search vendor "Amd" for product "Epyc 7443 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7443 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7443 Search vendor "Amd" for product "Epyc 7443"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7443p Firmware Search vendor "Amd" for product "Epyc 7443p Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7443p Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7443p Search vendor "Amd" for product "Epyc 7443p"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7453 Firmware Search vendor "Amd" for product "Epyc 7453 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7453 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7453 Search vendor "Amd" for product "Epyc 7453"	-	-	Safe
Amd Search vendor "Amd"	Epyc 74f3 Firmware Search vendor "Amd" for product "Epyc 74f3 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 74f3 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 74f3 Search vendor "Amd" for product "Epyc 74f3"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7513 Firmware Search vendor "Amd" for product "Epyc 7513 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7513 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7513 Search vendor "Amd" for product "Epyc 7513"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7543 Firmware Search vendor "Amd" for product "Epyc 7543 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7543 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7543 Search vendor "Amd" for product "Epyc 7543"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7543p Firmware Search vendor "Amd" for product "Epyc 7543p Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7543p Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7543p Search vendor "Amd" for product "Epyc 7543p"	-	-	Safe
Amd Search vendor "Amd"	Epyc 75f3 Firmware Search vendor "Amd" for product "Epyc 75f3 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 75f3 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 75f3 Search vendor "Amd" for product "Epyc 75f3"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7643 Firmware Search vendor "Amd" for product "Epyc 7643 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7643 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7643 Search vendor "Amd" for product "Epyc 7643"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7663 Firmware Search vendor "Amd" for product "Epyc 7663 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7663 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7663 Search vendor "Amd" for product "Epyc 7663"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7713 Firmware Search vendor "Amd" for product "Epyc 7713 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7713 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7713 Search vendor "Amd" for product "Epyc 7713"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7713p Firmware Search vendor "Amd" for product "Epyc 7713p Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7713p Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7713p Search vendor "Amd" for product "Epyc 7713p"	-	-	Safe
Amd Search vendor "Amd"	Epyc 7763 Firmware Search vendor "Amd" for product "Epyc 7763 Firmware"	< milanpi-sp3_1.0.0.4 Search vendor "Amd" for product "Epyc 7763 Firmware" and version " < milanpi-sp3_1.0.0.4"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7763 Search vendor "Amd" for product "Epyc 7763"	-	-	Safe