CVE-2021-26371: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.

Affected

82 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	1st_gen_amd_epyc_processors	—	—
amd	2nd_gen_amd_epyc_processors	—	—
amd	3rd_gen_amd_epyc_processors	—	—
amd	3rd_gen_amd_ryzen_threadripper_processors_castle_peak_hedt	—	—
amd	amd_3015ce_firmware	< pollockpi-ft5_1.0.0.3	pollockpi-ft5_1.0.0.3
amd	amd_3015e_firmware	< pollockpi-ft5_1.0.0.3	pollockpi-ft5_1.0.0.3
amd	amd_ryzen_5000_series_desktop_processors_vermeer_am4	—	—
amd	athlon_3000_series_mobile_processors_with_radeon_graphics_dali_dali_ulp	—	—
amd	athlon_3000_series_mobile_processors_with_radeon_graphics_pollock	—	—
amd	epyc_7001_firmware	< naplespi_1.0.0.h	naplespi_1.0.0.h
amd	epyc_7002_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7003_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_7232p_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7251_firmware	< naplespi_1.0.0.h	naplespi_1.0.0.h
amd	epyc_7252_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7261_firmware	< naplespi_1.0.0.h	naplespi_1.0.0.h
amd	epyc_7262_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7272_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7281_firmware	< naplespi_1.0.0.h	naplespi_1.0.0.h
amd	epyc_7282_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_72f3_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6
amd	epyc_7301_firmware	< naplespi_1.0.0.h	naplespi_1.0.0.h
amd	epyc_7302_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7302p_firmware	< romepi_1.0.0.d	romepi_1.0.0.d
amd	epyc_7313_firmware	< milanpi_1.0.0.6	milanpi_1.0.0.6