CVE-2021-26344

An out of bounds memory write when processing the AMD
PSP1 Configuration Block (APCB) could allow an attacker with access the ability
to modify the BIOS image, and the ability to sign the resulting image, to
potentially modify the APCB block resulting in arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
AMDCNA
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
amdepyc_7601_firmware
-
amdepyc_7551p_firmware
-
amdepyc_7551_firmware
-
amdepyc_7501_firmware
-
amdepyc_7451_firmware
-
amdepyc_7401p_firmware
-
amdepyc_7401_firmware
-
amdepyc_7371_firmware
-
amdepyc_7351p_firmware
-
amdepyc_7351_firmware
-
amdepyc_7301_firmware
-
amdepyc_7281_firmware
-
amdepyc_7261_firmware
-
amdepyc_7251_firmware
-
amdepyc_7001_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html