CVE-2021-26371

3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 78.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
82
AMD AMD 3015ce FirmwareAMD AMD 3015e FirmwareAMD Epyc 7001 Firmware+79 more
Timeline
PublishedMay 9

Description

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages82 packages

NVDamd/amd_3015e_firmware< pollockpi-ft5_1.0.0.3
NVDamd/epyc_7001_firmware< naplespi_1.0.0.h
NVDamd/epyc_7002_firmware< romepi_1.0.0.d
NVDamd/epyc_7003_firmware< milanpi_1.0.0.6
NVDamd/epyc_7251_firmware< naplespi_1.0.0.h

🔴Vulnerability Details

2
GHSA
GHSA-283q-cf8c-x432: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, pot2023-05-09
CVEList
CVE-2021-26371: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, pot2023-05-09
CVE-2021-26371 (MEDIUM CVSS 5.5) | A compromised or malicious ABL or U | cvebase.io