CVE-2021-26370
published 2022-05-10CVE-2021-26370: Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to…
high7.1CVSS 3.1
AVLACLPRLUINSUCNIHAH
Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.
Affected
51 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amd | 2nd_gen_amd_epyc | >= unspecified < RomePI-SP3_1.0.0.C | RomePI-SP3_1.0.0.C |
| amd | 3rd_gen_amd_epyc | >= unspecified < MilanPI-SP3_1.0.0.4 | MilanPI-SP3_1.0.0.4 |
| amd | epyc_7002_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7232p_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7252_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7262_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7272_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7282_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_72f3_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7302_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7302p_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7313_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7313p_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7343_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7352_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7373x_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_73f3_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7402_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7402p_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7413_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7443_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7443p_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7452_firmware | < romepi-sp3_1.0.0.c | romepi-sp3_1.0.0.c |
| amd | epyc_7453_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |
| amd | epyc_7473x_firmware | < milanpi-sp3_1.0.0.4 | milanpi-sp3_1.0.0.4 |