CVE-2021-26365

CWE-125: Out-of-bounds Read | 3 documents | 3 sources
Severity: 8.2 HIGH
EPSS: 0.2% (top 53.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 9

Description

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Exploitability: 3.9 | Impact: 4.2

Affected Packages (33 packages)

NVD: amd/amd_3015e_firmware < pollockpi-ft5_1.0.0.3
NVD: amd/amd_3015ce_firmware < pollockpi-ft5_1.0.0.3
NVD: amd/ryzen_3_3200u_firmware < picassopi-fp5_1.0.0.d
NVD: amd/ryzen_3_3250c_firmware < picassopi-fp5_1.0.0.d
NVD: amd/ryzen_3_3250u_firmware < picassopi-fp5_1.0.0.d

Vulnerability Details (2)

GHSA
GHSA-49q9-hj6w-v395: Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentia | 2023-05-09
CVEList
CVE-2021-26365: Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentia | 2023-05-09
CVE-2021-26365 (HIGH CVSS 8.2) | Certain size values in firmware bin | cvebase.io