CVE-2021-26379: Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.

Affected

50 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	2nd_gen_amd_epyc	—	—
amd	3rd_gen_amd_epyc	—	—
amd	epyc_7232p_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7252_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7262_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7272_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7282_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_72f3_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7302_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7302p_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7313_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7313p_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7343_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7352_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7373x_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_73f3_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7402_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7402p_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7413_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7443_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7443p_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7452_firmware	< romepi_1.0.0.e	romepi_1.0.0.e
amd	epyc_7453_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_7473x_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9
amd	epyc_74f3_firmware	< milanpi_1.0.0.9	milanpi_1.0.0.9