Please note: This website includes an accessibility system. Press Control-F11 to adjust the website to the visually impaired who are using a screen reader; Press Control-F10 to open an accessibility menu.

AMD Server Vulnerabilities - January 2023

AMD Server Vulnerabilities - January 2023

AMD Server Vulnerabilities - January 2023

Lenovo Security Advisory: LEN-87730

Potential Impact: Arbitrary Code Execution, Denial of Service, Information Disclosure

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2021-26316,CVE-2021-26328,CVE-2021-26343,CVE-2021-26353, CVE-2021-26355,CVE-2021-26396,CVE-2021-26398,CVE-2021-26402,CVE-2021-26403,CVE-2021-26404,CVE-2021-26407,CVE-2021-26409,CVE-2021-39298,CVE-2021-46767,CVE-2021-46768,CVE-2021-46779,CVE-2021-46791,CVE-2022-23813,CVE-2022-23814,CVE-2023-20522,CVE-2023-20523,CVE-2023-20525,CVE-2023-20527,CVE-2023-20528,CVE-2023-20529,CVE-2023-20530,CVE-2023-20531,CVE-2023-20532

 

Summary Description:

AMD has reported vulnerabilities in some AMD server processors.  

 

Mitigation Strategy for Customers (what you should do to protect yourself):

Update system firmware to the version (or newer) indicated for your model in the Product Impact section.

 

Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center

 

Click below links to view affected products:

ThinkAgile

ThinkSystem

 

References:

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1032

 

Revision History:

Revision Date Description
2 2023-01-18 Updated Product Impact
1 2023-01-10 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 

Product Impact:

ThinkAgile

Product Component Minimum Fixed Version
HX3375 Appliance (ThinkAgile) Lenovo ThinkSystem SR645/SR665 UEFI Firmware (For AnyOS) D8E128F
HX3376 Certified Node (ThinkAgile) Lenovo ThinkSystem SR645/SR665 UEFI Firmware (For AnyOS) D8E128F

 

ThinkSystem

Product Component Minimum Fixed Version
SR635 (ThinkSystem) Lenovo ThinkSystem SR635/SR655 UEFI Firmware CFE134H
SR645 (ThinkSystem) Lenovo ThinkSystem SR645/SR665 UEFI Firmware (For AnyOS) D8E128F
SR655 (ThinkSystem) Lenovo ThinkSystem SR635/SR655 UEFI Firmware CFE134H
SR665 (ThinkSystem) Lenovo ThinkSystem SR645/SR665 UEFI Firmware (For AnyOS) D8E128F

Alias Id:LEN-87730
Document ID:PS500538
Original Publish Date:01/09/2023
Last Modified Date:01/18/2023