CVE-2021-26345: Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting…

medium4.9CVSS 3.1

AVNACLPRHUINSUCNINAH

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

Affected

95 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	2nd_gen_amd_epyc_processors	—	—
amd	3rd_gen_amd_epyc_processors	—	—
amd	4th_gen_amd_epyc_processors	—	—
amd	amd_epyc_embedded_7002	—	—
amd	amd_epyc_embedded_7003	—	—
amd	epyc_7203_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7203p_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7232p_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7252_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7262_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7272_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7282_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_72f3_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7302_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7302p_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7303_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7303p_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7313_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7313p_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7343_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7352_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7373x_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_73f3_firmware	< milanpi_1.0.0.a	milanpi_1.0.0.a
amd	epyc_7402_firmware	< romepi_1.0.0.f	romepi_1.0.0.f
amd	epyc_7402p_firmware	< romepi_1.0.0.f	romepi_1.0.0.f