CVE-2021-26354: Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be…

medium5.5CVSS 3.1

AVLACLPRLUINSUCNIHAN

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.

Affected

91 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	2nd_gen_amd_epyc_processors	—	—
amd	2nd_gen_amd_ryzen_threadripper_processors_colfax	—	—
amd	3rd_gen_amd_epyc_processors	—	—
amd	3rd_gen_amd_ryzen_threadripper_processors_castle_peak_hedt	—	—
amd	amd_3015ce_firmware	< pollockpi-ft5_1.0.0.3	pollockpi-ft5_1.0.0.3
amd	amd_3015e_firmware	< pollockpi-ft5_1.0.0.3	pollockpi-ft5_1.0.0.3
amd	amd_ryzen_5000_series_desktop_processors_vermeer_am4	—	—
amd	athlon_3000_series_mobile_processors_with_radeon_graphics_dali_dali_ulp	—	—
amd	athlon_3000_series_mobile_processors_with_radeon_graphics_pollock	—	—
amd	epyc_7002_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7003_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_7232p_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7252_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7262_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7272_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7282_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_72f3_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_7302_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7302p_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7313_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_7313p_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_7343_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_7352_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7373x_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_73f3_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6