CVE-2021-26344

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.2HIGH

EPSS

0.1%

top 76.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7203 Firmware AMD Epyc 7203p Firmware AMD Epyc 7232p Firmware +66 more

Timeline

PublishedAug 13

Description

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 0.6 | Impact: 6.0

Affected Packages69 packages

▶NVDamd/epyc_7203_firmware< milanpi_1.0.0.5

▶NVDamd/epyc_7252_firmware< romepi_1.0.0.c

▶NVDamd/epyc_7262_firmware< romepi_1.0.0.c

▶NVDamd/epyc_7272_firmware< romepi_1.0.0.c

▶NVDamd/epyc_7282_firmware< romepi_1.0.0.c

🔴Vulnerability Details

CVEList

CVE-2021-26344: An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BI↗2024-08-13

▶

GHSA

GHSA-9h7f-r33v-rw4r: An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BI↗2024-08-13

▶