CVE-2021-26344: An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image…

high8.2CVSS 3.1

AVLACLPRHUINSCCHIHAH

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

Affected

69 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	amd_athlon_3000_series_desktop_processors_with_radeon_graphics	—	—
amd	amd_athlon_3000_series_mobile_processors_with_radeon_graphics	—	—
amd	amd_epyc_7001_series_processors	—	—
amd	amd_epyc_embedded_3000_series_processors	—	—
amd	amd_ryzen_3000_series_desktop_processors	—	—
amd	amd_ryzen_3000_series_mobile_processors_with_radeon_graphics	—	—
amd	amd_ryzen_4000_series_desktop_processors_with_radeon_graphics	—	—
amd	amd_ryzen_4000_series_mobile_processors_with_radeon_graphics	—	—
amd	amd_ryzen_5000_series_mobile_processors_with_radeon_graphics	—	—
amd	amd_ryzen_embedded_5000_series_processors	—	—
amd	amd_ryzen_embedded_r1000_series_processors	—	—
amd	amd_ryzen_embedded_r2000_series_processors	—	—
amd	amd_ryzen_embedded_v1000_series_processors	—	—
amd	amd_ryzen_embedded_v2000_series_processors	—	—
amd	amd_ryzen_threadripper_3000_series_processors	—	—
amd	epyc_7203_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7203p_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7232p_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7252_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7262_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7272_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7282_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_72f3_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7302_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7302p_firmware	< romepi_1.0.0.c	romepi_1.0.0.c