CVE-2021-26347

CWE-1284 CWE-3675 documents5 sources

Severity

4.7MEDIUM

EPSS

0.0%

top 85.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7002 Firmware AMD Epyc 7232p Firmware AMD Epyc 7252 Firmware +47 more

Timeline

PublishedMay 11

Latest updateJul 19

Description

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages50 packages

▶NVDamd/epyc_7002_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_7252_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_7262_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_7272_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_7282_firmware< romepi-sp3_1.0.0.d

🔴Vulnerability Details

GHSA

GHSA-3mg2-q757-f3m2: TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address tha↗2022-05-12

▶

CVEList

CVE-2021-26347: Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 dire↗2022-05-11

▶

💥Exploits & PoCs

Nuclei

Adobe Coldfusion - Authentication Bypass

▶

💬Community

HackerOne

CVE-2023-26347 in https://████.mil/hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true↗2024-07-19

▶