CVE-2021-26317Resource Exposure in AMD Athlon Series

CWE-668Resource Exposure3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AMD Athlon SeriesAMD Ryzen Series
Timeline
PublishedMay 12
Latest updateMay 13

Description

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5amd/ryzen_seriesvarious
CVEListV5amd/athlon_seriesvarious

🔴Vulnerability Details

2
GHSA
GHSA-qc86-j87r-2654: Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execu2022-05-13
CVEList
CVE-2021-26317: Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execu2022-05-12
CVE-2021-26317 — Resource Exposure in AMD Athlon Series | cvebase