CVE-2021-26345

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.0%

top 87.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7203 Firmware AMD Epyc 7203p Firmware AMD Epyc 7232p Firmware +92 more

Timeline

PublishedNov 14

Description

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 0.5 | Impact: 1.4

Affected Packages95 packages

▶NVDamd/epyc_7203_firmware< milanpi_1.0.0.a

▶NVDamd/epyc_7252_firmware< romepi_1.0.0.f

▶NVDamd/epyc_7262_firmware< romepi_1.0.0.f

▶NVDamd/epyc_7272_firmware< romepi_1.0.0.f

▶NVDamd/epyc_7282_firmware< romepi_1.0.0.f

🔴Vulnerability Details

CVEList

CVE-2021-26345: Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially↗2023-11-14

▶

GHSA

GHSA-vgxm-8jf8-3h3v: Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially↗2023-11-14

▶