cbcvebase.
CVE-2021-26398
published 2023-01-11

CVE-2021-26398: Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

Affected

67 ranges· showing 25
VendorProductVersion rangeFixed in
amd1st_gen_epyc
amd2nd_gen_epyc
amd3rd_gen_epyc
amdepyc_7001_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7002_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7003_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7232p_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7251_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7252_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7261_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7262_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7272_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7281_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7282_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_72f3_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7301_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7302_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7302p_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7313_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7313p_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7343_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7351_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7352_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7371_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7373x_firmware< milanpi_1.0.0.4milanpi_1.0.0.4