cbcvebase.
CVE-2021-26402
published 2023-01-11

CVE-2021-26402: Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled…

high7.1CVSS 3.1
AVLACLPRLUINSUCNIHAH
Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.

Affected

52 ranges· showing 25
VendorProductVersion rangeFixed in
amd2nd_gen_epyc
amd3rd_gen_epyc
amdepyc_7002_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7003_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7232p_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7252_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7262_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7272_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7282_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_72f3_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7302_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7302p_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7313_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7313p_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7343_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7352_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7373x_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_73f3_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7402_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7402p_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7413_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7443_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7443p_firmware< milanpi_1.0.0.4milanpi_1.0.0.4
amdepyc_7452_firmware< romepi_1.0.0.cromepi_1.0.0.c
amdepyc_7453_firmware< milanpi_1.0.0.4milanpi_1.0.0.4