CVE-2021-26345

Description

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

CVSS Metrics

• v3.1•LOW•Score: 1.9CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
• v3.1•MEDIUM•Score: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.04%• Percentile: 13%

Techniques & Countermeasures

• CWE-125•Out-of-bounds Read

  The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

• amd•2nd gen amd epyc™ processors

  various

• amd•3rd gen amd epyc™ processors

  various

• amd•4th gen amd epyc™ processors

  various

• amd•amd epyc™ embedded 7002

  various

• amd•amd epyc™ embedded 7003

  various

• amd•epyc_7203_firmware

  < milanpi_1.0.0.a

• amd•epyc_7203p_firmware

  < milanpi_1.0.0.a

• amd•epyc_7232p_firmware

  < romepi_1.0.0.f

• amd•epyc_7252_firmware

  < romepi_1.0.0.f

• amd•epyc_7262_firmware

  < romepi_1.0.0.f

• amd•epyc_7272_firmware

  < romepi_1.0.0.f

• amd•epyc_7282_firmware

  < romepi_1.0.0.f

• amd•epyc_72f3_firmware

  < milanpi_1.0.0.a

• amd•epyc_7302_firmware

  < romepi_1.0.0.f

• amd•epyc_7302p_firmware

  < romepi_1.0.0.f

• amd•epyc_7303_firmware

  < milanpi_1.0.0.a

• amd•epyc_7303p_firmware

  < milanpi_1.0.0.a

• amd•epyc_7313_firmware

  < milanpi_1.0.0.a

• amd•epyc_7313p_firmware

  < milanpi_1.0.0.a

• amd•epyc_7343_firmware

  < milanpi_1.0.0.a

• amd•epyc_7352_firmware

  < romepi_1.0.0.f

• amd•epyc_7373x_firmware

  < milanpi_1.0.0.a

• amd•epyc_73f3_firmware

  < milanpi_1.0.0.a

• amd•epyc_7402_firmware

  < romepi_1.0.0.f

• amd•epyc_7402p_firmware

  < romepi_1.0.0.f

• amd•epyc_7413_firmware

  < milanpi_1.0.0.a

• amd•epyc_7443_firmware

  < milanpi_1.0.0.a

• amd•epyc_7443p_firmware

  < milanpi_1.0.0.a

• amd•epyc_7452_firmware

  < romepi_1.0.0.f

• amd•epyc_7453_firmware

  < milanpi_1.0.0.a

• amd•epyc_7473x_firmware

  < milanpi_1.0.0.a

• amd•epyc_74f3_firmware

  < milanpi_1.0.0.a

• amd•epyc_7502_firmware

  < romepi_1.0.0.f

• amd•epyc_7502p_firmware

  < romepi_1.0.0.f

• amd•epyc_7513_firmware

  < milanpi_1.0.0.a

• amd•epyc_7532_firmware

  < romepi_1.0.0.f

• amd•epyc_7542_firmware

  < romepi_1.0.0.f

• amd•epyc_7543_firmware

  < milanpi_1.0.0.a

• amd•epyc_7543p_firmware

  < milanpi_1.0.0.a

• amd•epyc_7552_firmware

  < romepi_1.0.0.f

• amd•epyc_7573x_firmware

  < milanpi_1.0.0.a

• amd•epyc_75f3_firmware

  < milanpi_1.0.0.a

• amd•epyc_7642_firmware

  < romepi_1.0.0.f

• amd•epyc_7643_firmware

  < milanpi_1.0.0.a

• amd•epyc_7643p_firmware

  < milanpi_1.0.0.a

• amd•epyc_7662_firmware

  < romepi_1.0.0.f

• amd•epyc_7663_firmware

  < milanpi_1.0.0.a

• amd•epyc_7663p_firmware

  < milanpi_1.0.0.a

• amd•epyc_7702_firmware

  < romepi_1.0.0.f

• amd•epyc_7702p_firmware

  < romepi_1.0.0.f

Showing first 50 affected entries in server-rendered view.

References (2)

• https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
• https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001