CVE-2021-26361

A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AMDCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
amdradeon_software
-
amdryzen_3_2200u_firmware
-
amdryzen_3_2300u_firmware
-
amdryzen_3_5125c_firmware
-
amdryzen_3_5400u_firmware
-
amdathlon_3050ge_firmware
-
amdathlon_3150ge_firmware
-
amdathlon_3150g_firmware
-
amdryzen_3_5425c_firmware
-
amdryzen_3_5425u_firmware
-
amdryzen_5_2500u_firmware
-
amdryzen_5_2600_firmware
-
amdryzen_5_2600h_firmware
-
amdryzen_5_2600x_firmware
-
amdryzen_5_5560u_firmware
-
amdryzen_5_5600h_firmware
-
amdryzen_5_5600hs_firmware
-
amdryzen_5_5600u_firmware
-
amdryzen_5_5600x_firmware
-
amdryzen_5_5625c_firmware
-
amdryzen_5_5625u_firmware
-
amdryzen_5_5700g_firmware
-
amdryzen_5_5700ge_firmware
-
amdryzen_7_2700u_firmware
-
amdryzen_7_2700_firmware
-
amdryzen_7_2700x_firmware
-
amdryzen_7_2800h_firmware
-
amdryzen_7_5800h_firmware
-
amdryzen_7_5800hs_firmware
-
amdryzen_7_5800u_firmware
-
amdryzen_7_5825c_firmware
-
amdryzen_7_5825u_firmware
-
amdryzen_9_5980hx_firmware
-
amdryzen_9_5980hs_firmware
-
amdryzen_9_5900hx_firmware
-
amdryzen_9_5900hs_firmware
-
𝑥
= Vulnerable software versions
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027