CVE-2021-26404

CWE-20Improper Input Validation3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 80.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
24
AMD Epyc 7003 FirmwareAMD Epyc 7313 FirmwareAMD Epyc 7313p Firmware+21 more
Timeline
PublishedJan 11

Description

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages24 packages

NVDamd/epyc_7003_firmware< milanpi-sp3_1.0.0.9
NVDamd/epyc_7313_firmware< milanpi-sp3_1.0.0.9
NVDamd/epyc_7343_firmware< milanpi-sp3_1.0.0.9
NVDamd/epyc_73f3_firmware< milanpi-sp3_1.0.0.9
NVDamd/epyc_7413_firmware< milanpi-sp3_1.0.0.9

🔴Vulnerability Details

2
GHSA
GHSA-m5wf-22jj-7772: Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure2023-01-11
CVEList
CVE-2021-26404: Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure2023-01-10
CVE-2021-26404 (MEDIUM CVSS 5.5) | Improper input validation and bound | cvebase.io