CVE-2021-26344

EUVD-2021-13150
An out of bounds memory write when processing the AMD
PSP1 Configuration Block (APCB) could allow an attacker with access the ability
to modify the BIOS image, and the ability to sign the resulting image, to
potentially modify the APCB block resulting in arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
AMDCNA
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
amdepyc_7601_firmware
-
amdepyc_7551p_firmware
-
amdepyc_7551_firmware
-
amdepyc_7501_firmware
-
amdepyc_7451_firmware
-
amdepyc_7401p_firmware
-
amdepyc_7401_firmware
-
amdepyc_7371_firmware
-
amdepyc_7351p_firmware
-
amdepyc_7351_firmware
-
amdepyc_7301_firmware
-
amdepyc_7281_firmware
-
amdepyc_7261_firmware
-
amdepyc_7251_firmware
-
amdepyc_7001_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html