cbcvebase.
CVE-2021-26356
published 2023-05-09

CVE-2021-26356: A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and…

high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.

Affected

80 ranges· showing 25
VendorProductVersion rangeFixed in
amd1st_gen_amd_epyc_processors
amd2nd_gen_amd_epyc_processors
amd3rd_gen_amd_epyc_processors
amd3rd_gen_amd_ryzen_threadripper_processors_castle_peak_hedt
amdamd_ryzen_5000_series_desktop_processors_vermeer_am4
amdepyc_7001_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7002_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7232p_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7251_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7252_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7261_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7262_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7272_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7281_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7282_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_72f3_firmware< milanpi_1.0.0.6milanpi_1.0.0.6
amdepyc_7301_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7302_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7302p_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7313_firmware< milanpi_1.0.0.6milanpi_1.0.0.6
amdepyc_7313p_firmware< milanpi_1.0.0.6milanpi_1.0.0.6
amdepyc_7343_firmware< milanpi_1.0.0.6milanpi_1.0.0.6
amdepyc_7351_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7351p_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7352_firmware< romepi_1.0.0.dromepi_1.0.0.d