CVE-2021-26378

CWE-119Buffer Overflow3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
86
AMD Epyc 7232p FirmwareAMD Epyc 7252 FirmwareAMD Epyc 7262 Firmware+83 more
Timeline
PublishedMay 11
Latest updateMay 12

Description

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages86 packages

NVDamd/epyc_7252_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_7262_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_7272_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_7282_firmware< romepi-sp3_1.0.0.d
NVDamd/epyc_72f3_firmware< milanpi-sp3_1.0.0.7

🔴Vulnerability Details

2
GHSA
GHSA-h8p7-r5rw-w964: Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service2022-05-12
CVEList
CVE-2021-26378: Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service2022-05-11
CVE-2021-26378 (MEDIUM CVSS 5.5) | Insufficient bound checks in the Sy | cvebase.io