CVE-2021-26364

CWE-119 — Buffer Overflow3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 66.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7232p Firmware AMD Epyc 7252 Firmware AMD Epyc 7262 Firmware +42 more

Timeline

PublishedMay 11

Latest updateMay 12

Description

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages45 packages

▶NVDamd/epyc_7252_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_7262_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_7272_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_7282_firmware< romepi-sp3_1.0.0.d

▶NVDamd/epyc_72f3_firmware< milanpi-sp3_1.0.0.7

🔴Vulnerability Details

GHSA

GHSA-q56v-q98x-mc7h: Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could resu↗2022-05-12

▶

CVEList

CVE-2021-26364: Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could resu↗2022-05-11

▶