CVE-2021-26388

CWE-125 — Out-of-bounds Read CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 87.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

109

AMD Epyc 7232p Firmware AMD Epyc 7252 Firmware AMD Epyc 7262 Firmware +106 more

Timeline

PublishedMay 11

Latest updateMay 12

Description

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages109 packages

▶NVDamd/ryzen_threadripper_1900x_firmware< castlepeakpi-sp3r3_1.0.0.7

▶NVDamd/ryzen_threadripper_1920x_firmware< castlepeakpi-sp3r3_1.0.0.7

▶NVDamd/ryzen_threadripper_1950x_firmware< castlepeakpi-sp3r3_1.0.0.7

▶NVDamd/ryzen_threadripper_2920x_firmware< summitpi-sp3r2_1.1.0.5+1

▶NVDamd/ryzen_threadripper_2950x_firmware< summitpi-sp3r2_1.1.0.5+1

🔴Vulnerability Details

GHSA

GHSA-m5c3-2jmp-mhm6: Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory content↗2022-05-12

▶

CVEList

CVE-2021-26388: Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory content↗2022-05-11

▶