CVE-2021-26347

UNKNOWN

Published 2022-05-11T16:22:09.774768Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-26347. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

AMD

Ryzen 5000 Series

Affected Versions:

various

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-3mg2-q757-f3m2

Advisory Details

TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-26347

WEB https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031

WEB https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Advisory provided by GitHub Security Advisory Database. Published: May 12, 2022, Modified: May 20, 2022

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031

Published: 2022-05-11T16:22:09.774768Z

Last Modified: 2024-08-03T20:26:25.052Z

Copied to clipboard!

CVE-2021-26347

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Ryzen 5000 Series

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!