CVE-2021-26338

CWE-284Improper Access Control3 documents3 sources
Severity
7.5HIGH
EPSS
0.5%
top 35.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
46
AMD 2ND GEN AMD Epyc™AMD 3RD GEN AMD Epyc™AMD Epyc 7232p Firmware+43 more
Timeline
PublishedNov 16
Latest updateMay 24

Description

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages46 packages

CVEListV5amd/2nd_gen_amd_epyc™unspecifiedRomePI-SP3_1.0.0.C
CVEListV5amd/3rd_gen_amd_epyc™unspecifiedMilanPI-SP3_1.0.0.4
NVDamd/epyc_7252_firmware< romepi-sp3_1.0.0.c
NVDamd/epyc_7262_firmware< romepi-sp3_1.0.0.c
NVDamd/epyc_7272_firmware< romepi-sp3_1.0.0.c

🔴Vulnerability Details

2
GHSA
GHSA-42wg-wpqj-99fc: Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in2022-05-24
CVEList
CVE-2021-26338: Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in2021-11-16
CVE-2021-26338 (HIGH CVSS 7.5) | Improper access controls in System | cvebase.io