CVE-2021-26365

Certain size values in firmware binary headers
could trigger out of bounds reads during signature validation, leading to
denial of service or potentially limited leakage of information about
out-of-bounds memory contents.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
AMDCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
amdryzen_5_2400g_firmware
-
amdryzen_5_2400ge_firmware
-
amdryzen_3_2200ge_firmware
-
amdryzen_3_2200g_firmware
-
amdryzen_3_pro_2100ge_firmware
-
amdryzen_9_5900x_firmware
-
amdryzen_9_5950x_firmware
-
amdryzen_9_5900_firmware
-
amdryzen_7_5800_firmware
-
amdryzen_7_5800x_firmware
-
amdryzen_7_5800x3d_firmware
-
amdryzen_7_5700x_firmware
-
amdryzen_5_5600_firmware
-
amdryzen_5_5600x_firmware
-
amdryzen_5_5500_firmware
-
amdryzen_7_2800h_firmware
-
amdryzen_7_2700u_firmware
-
amdryzen_5_2600h_firmware
-
amdryzen_5_2500u_firmware
-
amdryzen_3_2300u_firmware
-
amdryzen_3_2200u_firmware
-
amdryzen_5_3400g_firmware
-
amdryzen_5_pro_3400g_firmware
-
amdryzen_5_pro_3400ge_firmware
-
amdryzen_5_pro_3350g_firmware
-
amdryzen_5_pro_3350ge_firmware
-
amdryzen_3_pro_3200g_firmware
-
amdryzen_3_3200g_firmware
-
amdryzen_3_3200ge_firmware
-
amdryzen_3_pro_3200ge_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001