CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
40.2%
Bulletin ID: AMD-SB-1027 **Potential Impact:**Varies by CVE, see descriptions below **Severity:**Varies by CVE, see descriptions below
During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2021-26317 | 7.9 (High) | Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. |
CVE-2021-26335 | 7.5 (High) | Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution. |
CVE-2021-39298 | 7.5 (High) | A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware. |
CVE-2023-20558 | High | Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. |
CVE-2023-20559 | High | Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. |
CVE-2021-26373 | 7.2 (High) | Insufficient bound checks in System Management Unit (SMU) may result in system voltage malfunction that could result in denial of resources and/or possibly denial of service. |
CVE-2020-12946 | 6.8 (Medium) | Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. |
CVE-2021-26361 | 6.4 (Medium) | A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. |
CVE-2021-26363 | 6.4 (Medium) | A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. |
CVE-2021-26366 | 6.4 (Medium) | An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. |
CVE-2021-26369 | 6.4 (Medium) | A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. |
CVE-2021-26386 | 6.4 (Medium) | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. |
CVE-2021-26336 | 6.1 (Medium) | Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. |
CVE-2021-26337 | 6.1 (Medium) | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. |
CVE-2020-12951 | 6.1 (Medium) | Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations. |
CVE-2021-26376 | 6.1 (Medium) | Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. |
CVE-2021-26352 | 6.1 (Medium) | Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. |
CVE-2021-26375 | 6.1 (Medium) | Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. |
CVE-2021-26378 | 6.1 (Medium) | Insufficient bound checks in System Management Unit (SMU) hot plug PCIe ports may result in access/updates from/to invalid address space that could result in denial of service. |
CVE-2021-26372 | 6.1 (Medium) | Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug Config Table may result in an out of bounds access/updates from/to invalid address space that could result in denial of service. |
CVE-2021-26351 | 6.1 (Medium) | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. |
CVE-2021-26390 | 6.0 (Medium) | A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. |
CVE-2021-26362 | 5.7 (Medium) | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. |
CVE-2021-26339 | 5.5 (Medium) | A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. |
CVE-2020-12944 | 5.5 (Medium) | Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. |
CVE-2021-26368 | 4.1 (Medium) | Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service. |
CVE-2021-26388 | 4.1 (Medium) | Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. |
CVE-2021-26312 | 4.1 (Medium) | Improper ECC (error correction code) protections implemented in ASP hardware may allow side-channel exposure potentially resulting in information disclosure. |
CVE-2021-26384 | 3.0 (Low) | A malformedSMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. |
CVE-2021-26382 | 1.9 (Low) | An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. |
See Tables
AMD recommends updating to the AGESA™ PI software version indicated below.
Platform | Internal Name | PI Version | Release Date | Applicable CVEs |
---|---|---|---|---|
DESKTOP | ||||
AMD Ryzen™ 2000 Series Desktop Processor | “Raven Ridge” AM4 | Raven-FP5-AM4 1.1.0.E | 02/14/2022 | CVE-2020-12944 |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
Raven-FP5-AM4 1.1.0.D | 10/10/2021 | |||
PinnaclePI-AM4 1.0.0.C | 02/17/2022 | |||
ComboAM4PI 1.0.0.8 | 02/28/2022 | |||
ComboAM4v2 PI 1.2.0.6c | 01/6/2022 | |||
ComboAM4v2 PI 1.2.0.4 | 8/25/2021 | |||
AMD Ryzen™ 2000 Series Desktop Processor | “Pinnacle Ridge” | PinnaclePI-AM4 1.0.0.C | 02/17/2022 | CVE-2020-12944 |
CVE-2021-26352 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26366 | ||||
CVE-2021-26369 | ||||
CVE-2021-26372 | ||||
CVE-2021-26373 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
ComboAM4PI 1.0.0.8 | 02/28/2022 | |||
ComboAM4 V2 PI 1.2.0.6c | 02/22/2022 | |||
ComboAM4v2 PI 1.2.0.4 | 08/25/2021 | |||
AMD Ryzen™ 3000 Series Desktop Processor | “Matisse” AM4 | ComboAM4PI 1.0.0.8 | 02/28/2022 | CVE-2021-26317 |
CVE-2020-12944 | ||||
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26335 | ||||
CVE-2021-26336 | ||||
CVE-2021-26337 | ||||
CVE-2021-26351 | ||||
CVE-2021-26352 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26372 | ||||
CVE-2021-26373 | ||||
CVE-2021-26375 | ||||
CVE-2021-26376 | ||||
CVE-2021-26378 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
ComboAM4 V2 PI 1.2.0.6c | 02/22/2022 | |||
ComboAM4v2 PI 1.2.0.4 | 08/25/2021 | |||
AMD Ryzen™ 5000 Series Desktop Processor | “Vermeer” AM4 | ComboAM4 V2 PI 1.2.0.6c | 02/22/2022 | CVE-2020-12944 |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26335 | ||||
CVE-2021-26336 | ||||
CVE-2021-26337 | ||||
CVE-2021-26351 | ||||
CVE-2021-26352 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26372 | ||||
CVE-2021-26373 | ||||
CVE-2021-26375 | ||||
CVE-2021-26376 | ||||
CVE-2021-26378 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
ComboAM4v2 PI 1.2.0.4 | 08/25/2021 | |||
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics | “Cezanne” AM4 | ComboAM4 V2 PI 1.2.0.6c | 02/22/2022 | CVE-2021-26361 |
CVE-2021-26362 | ||||
CVE-2021-26363 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26373 | ||||
CVE-2021-26386 | ||||
CVE-2021-26382 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26339 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
ComboAM4v2 PI 1.2.0.4 | 08/25/2021 | |||
HEDT (High End Desktop) | ||||
2nd Gen AMD Ryzen™ Threadripper™ Processor | “Colfax” | SummitPI-SP3r2 1.1.0.5 | 01/12/2022 | CVE-2020-12944 |
CVE-2021-26352 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26366 | ||||
CVE-2021-26369 | ||||
CVE-2021-26372 | ||||
CVE-2021-26373 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
3rd Gen AMD Ryzen™ Threadripper™ Processors | “Castle Peak” HEDT | CastlePeakPI-SP3r3 1.0.0.7 | 01/28/2022 | CVE-2020-12944 |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26336 | ||||
CVE-2021-26337 | ||||
CVE-2021-26351 | ||||
CVE-2021-26352 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26372 | ||||
CVE-2021-26373 | ||||
CVE-2021-26375 | ||||
CVE-2021-26376 | ||||
CVE-2021-26378 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
CastlePeakPI-SP3r3 1.0.0.6 | 09/08/2021 | |||
WORKSTATION | ||||
AMD Ryzen™ Threadripper™ PRO Processor | “Castle Peak” WS | ChagallWSPI-sWRX8 1.0.0.2 | 01/7/2022 | CVE-2020-12944 |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26336 | ||||
CVE-2021-26337 | ||||
CVE-2021-26351 | ||||
CVE-2021-26352 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26372 | ||||
CVE-2021-26373 | ||||
CVE-2021-26375 | ||||
CVE-2021-26376 | ||||
CVE-2021-26378 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26339 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
CastlePeakWSPI-sWRX8 1.0.0.9 | 01/20/2022 | |||
CastlePeakWSPI-sWRX8 1.0.0.7 | 09/08/2021 | |||
“Chagall” WS | ChagallWSPI-sWRX8 1.0.0.2 | 01/7/2022 | CVE-2020-12944 | |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26336 | ||||
CVE-2021-26337 | ||||
CVE-2021-26351 | ||||
CVE-2021-26352 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26373 | ||||
CVE-2021-26375 | ||||
CVE-2021-26376 | ||||
CVE-2021-26378 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26339 | ||||
MOBILE | ||||
AMD Ryzen™ 2000 Series Mobile Processor | “Raven Ridge” FP5 | Raven-FP5-AM4 1.1.0.E | 02/14/2022 | CVE-2020-12944 |
CVE-2021-26312 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26373 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26339 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
Raven-FP5-AM4 1.1.0.D | 10/10/2021 | |||
PinnaclePI-AM4 1.0.0.C | 02/17/2022 | |||
ComboAM4PI 1.0.0.8 | 02/28/2022 | |||
ComboAM4v2 PI 1.2.0.6c | 02/22/2022 | |||
AMD Ryzen™ 3000 Series Mobile Processor, 2nd Gen AMD RyzenTM Mobile Processor with RadeonTM Graphics | “Picasso” | PicassoPI-FP5 1.0.0.D | 02/28/2022 | CVE-2020-12944 |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26373 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26339 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
ComboAM4PI 1.0.0.8 | 02/28/2022 | |||
ComboAM4v2 PI 1.2.0.6c | 02/22/2022 | |||
ComboAM4v2 PI 1.2.0.4 | 08/25/2021 | |||
AMD AthlonTM 3000 Series Mobile Processors with Radeon™ Graphics | “Dali”/”Dali” ULP | PicassoPI-FP5 1.0.0.D | 02/28/2022 | CVE-2020-12944 |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26362 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
AMD AthlonTM 3000 Series Mobile Processors with Radeon™ Graphics | “Pollock” | PollockPI-FT5 1.0.0.3 | 02/28/2022 | CVE-2020-12944 |
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26390 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
AMD Ryzen™ 4000 Series Mobile Processor with Radeon™ Graphics | “Renoir” FP6 | RenoirPI-FP6 1.0.0.7 | 11/03/2021 | CVE-2020-12944 |
CVE-2020-12946 | ||||
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26363 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26373 | ||||
CVE-2021-26376 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26382 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
ComboAM4v2 PI 1.2.0.4 | 08/25/2021 | |||
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | “Lucienne” | CezannePI-FP6 1.0.0. 9a | 02/28/2022 | CVE-2020-12944 |
CVE-2020-12946 | ||||
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26363 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26382 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26339 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
CezannePI-FP6 1.0.0.5 | 08/18/2021 | |||
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | “Cezanne” | CezannePI-FP6 1.0.0.9 | 02/28/2022 | CVE-2020-12944 |
CVE-2020-12946 | ||||
CVE-2020-12951 | ||||
CVE-2021-26312 | ||||
CVE-2021-26361 | ||||
CVE-2021-26362 | ||||
CVE-2021-26363 | ||||
CVE-2021-26366 | ||||
CVE-2021-26368 | ||||
CVE-2021-26369 | ||||
CVE-2021-26376 | ||||
CVE-2021-26386 | ||||
CVE-2021-26388 | ||||
CVE-2021-26382 | ||||
CVE-2021-26317 | ||||
CVE-2021-39298 | ||||
CVE-2021-26339 | ||||
CVE-2021-26384 | ||||
CVE-2023-20558 | ||||
CVE-2023-20559 | ||||
CezannePI-FP6 1.0.0.5 | 08/18/2021 |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
40.2%