CVE-2021-26354

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 83.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD AMD 3015ce Firmware AMD AMD 3015e Firmware AMD Epyc 7002 Firmware +88 more

Timeline

PublishedMay 9

Description

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages91 packages

▶NVDamd/amd_3015e_firmware< pollockpi-ft5_1.0.0.3

▶NVDamd/epyc_7002_firmware< romepi_1.0.0.d

▶NVDamd/epyc_7003_firmware< milanpi_1.0.0.6

▶NVDamd/epyc_7252_firmware< romepi_1.0.0.d

▶NVDamd/epyc_7262_firmware< romepi_1.0.0.d

🔴Vulnerability Details

CVEList

CVE-2021-26354: Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be↗2023-05-09

▶

GHSA

GHSA-v3h7-q6cc-vp5h: Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be↗2023-05-09

▶