CVE-2021-26390

A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AMDCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
amdryzen_5_2600_firmware
-
amdryzen_5_2600x_firmware
-
amdryzen_5_2700x_firmware
-
amdryzen_5_2700_firmware
-
amdryzen_5_3600_firmware
-
amdryzen_5_3600x_firmware
-
amdryzen_7_3700x_firmware
-
amdryzen_7_3800x_firmware
-
amdryzen_9_3900x_firmware
-
amdryzen_9_3950x_firmware
-
amdryzen_9_5950x_firmware
-
amdryzen_9_5900x_firmware
-
amdryzen_7_5800x_firmware
-
amdryzen_7_5700g_firmware
-
amdryzen_7_5700ge_firmware
-
amdryzen_5_5600g_firmware
-
amdryzen_5_5600x_firmware
-
amdryzen_5_5600ge_firmware
-
amdryzen_3_5300g_firmware
-
amdryzen_3_5300ge_firmware
-
amdryzen_threadripper_2990wx_firmware
-
amdryzen_threadripper_2970wx_firmware
-
amdryzen_threadripper_2950x_firmware
-
amdryzen_threadripper_2920x_firmware
-
amdryzen_threadripper_3970x_firmware
-
amdryzen_threadripper_pro_5995wx_firmware
-
amdryzen_threadripper_pro_5975wx_firmware
-
amdryzen_threadripper_pro_5965wx_firmware
-
amdryzen_threadripper_pro_5955wx_firmware
-
amdryzen_threadripper_pro_5945wx_firmware
-
amdryzen_7_3750h_firmware
-
amdryzen_7_3700u_firmware
-
amdryzen_5_3550h_firmware
-
amdryzen_5_3500u_firmware
-
amdryzen_3_3300u_firmware
-
amdryzen_3_3200u_firmware
-
amdathlon_300u_firmware
-
𝑥
= Vulnerable software versions
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027