CVE-2021-26372

CWE-119Buffer Overflow3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
47
AMD Epyc 7232p FirmwareAMD Epyc 7252 FirmwareAMD Epyc 7262 Firmware+44 more
Timeline
PublishedMay 11
Latest updateMay 12

Description

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages47 packages

NVDamd/epyc_7252_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_7262_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_7272_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_7282_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_72f3_firmware< milanpi-sp3_1.0.0.7

🔴Vulnerability Details

2
GHSA
GHSA-x5hg-q2vc-mxfh: Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in de2022-05-12
CVEList
CVE-2021-26372: Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in de2022-05-11
CVE-2021-26372 (MEDIUM CVSS 5.5) | Insufficient bound checks related t | cvebase.io