CVE-2021-26384

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds WriteCWE-77Command Injection3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 82.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
39
AMD Ryzen 3 2200u FirmwareAMD Ryzen 3 2300u FirmwareAMD Ryzen 3 5125c Firmware+36 more
Timeline
PublishedJul 14
Latest updateJul 15

Description

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages39 packages

NVDamd/ryzen_5_2600_firmware< comboam4v2_pi_1.2.0.6c
NVDamd/ryzen_5_2700_firmware< comboam4v2_pi_1.2.0.6c
NVDamd/ryzen_7_2700_firmware< comboam4v2_pi_1.2.0.6c
NVDamd/ryzen_3_2200u_firmware< comboam4v2_pi_1.2.0.6c
NVDamd/ryzen_3_2300u_firmware< comboam4v2_pi_1.2.0.6c

🔴Vulnerability Details

2
GHSA
GHSA-cqhp-pw9h-ff47: A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially lead2022-07-15
CVEList
CVE-2021-26384: A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially lead2022-07-14
CVE-2021-26384 (HIGH CVSS 7.8) | A malformed SMI (System Management | cvebase.io