Arbitrary Code Execution Vulnerability in AMD System Management Unit
CVE-2021-26331

7.8HIGH

Key Information:

Vendor: Amd
Status: 1st Gen Amd Epyc™; 2nd Gen Amd Epyc™; 3rd Gen Amd Epyc™
Vendor: CVE Published:; 16 November 2021

Summary

The AMD System Management Unit (SMU) has a flaw that might allow a malicious actor to interfere with mailbox entries, potentially leading to unauthorized arbitrary code execution. This vulnerability poses significant security risks as it can be exploited to gain control of affected systems. It is crucial for users and organizations utilizing AMD products to remain vigilant and apply necessary updates.

Affected Version(s)

1st Gen AMD EPYC™ < unspecified

2nd Gen AMD EPYC™ < unspecified

3rd Gen AMD EPYC™ < unspecified

References

https://www.amd.com/en/corporate/product-security/bulleti...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2021
Vulnerability Reserved
Jan 29, 2021