CVE-2021-26343

Severity: 5.5 MEDIUM
EPSS: 0.1% (top 80.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 11

Description

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (25 packages)

NVD: amd/epyc_7003_firmware < milanpi_1.0.0.3
NVD: amd/epyc_72f3_firmware < milanpi_1.0.0.3
NVD: amd/epyc_7313_firmware < milanpi_1.0.0.3
NVD: amd/epyc_7343_firmware < milanpi_1.0.0.3
NVD: amd/epyc_73f3_firmware < milanpi_1.0.0.3

Vulnerability Details (2)

GHSA: GHSA-m338-vvr5-wrph: Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which m | 2023-01-11
CVEList: CVE-2021-26343: Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which m | 2023-01-10