CVE-2021-26372: 
Linux openSUSE vulnerability analysis and mitigation

CVE-2021-26372 is a security vulnerability discovered in AMD EPYC processors' System Management Unit (SMU) that was disclosed on May 11, 2022. The vulnerability affects various AMD EPYC processor models and their firmware versions, including the 7232P, 7252, 7262, and many other EPYC series processors (NVD).

The vulnerability stems from insufficient bound checks related to PCIE in the System Management Unit (SMU), which could lead to access to an invalid address space. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability requires local access, low attack complexity, and low privileges to exploit, with no user interaction needed. The vulnerability has been classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

The primary impact of this vulnerability is on system availability. If successfully exploited, it can result in a denial of service condition, potentially affecting system operations. The CVSS metrics indicate that while there is no impact on confidentiality or integrity, the vulnerability can have a high impact on system availability (NVD).

AMD has released firmware updates to address this vulnerability. For ROME processors, the fix is included in version ROMEPI-SP31.0.0.D and later, while for MILAN processors, the fix is available in version MILANPI-SP31.0.0.7 and later (AMD Advisory, AMD Server Advisory).