1. Home
  2. CVE Database
  3. CVE-2021-26317
HIGH · 7.8

CVE-2021-26317

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

Vulnerability Description

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AmdRadeon Software-
AmdRyzen 3 2200U Firmware-
AmdRyzen 3 2200U-
AmdRyzen 5300G Firmware-
AmdRyzen 5300G-
AmdRyzen 5300Ge Firmware-
AmdRyzen 5300Ge-
AmdRyzen 5600G Firmware-
AmdRyzen 5600G-
AmdRyzen 5600Ge Firmware-
AmdRyzen 5600Ge-
AmdRyzen 5600X Firmware-
AmdRyzen 5600X-
AmdRyzen 5700G Firmware-
AmdRyzen 5700G-
AmdRyzen 5700Ge Firmware-
AmdRyzen 5700Ge-
AmdAthlon 3050Ge Firmware-
AmdAthlon 3050Ge-
AmdAthlon 3150G Firmware-

References

FAQ

What is CVE-2021-26317?

CVE-2021-26317 is a vulnerability with a CVSS score of 7.8 (HIGH). Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

How severe is CVE-2021-26317?

CVE-2021-26317 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26317?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Radeon Software, Amd Ryzen 3 2200U Firmware, Amd Ryzen 3 2200U, Amd Ryzen 5300G Firmware, Amd Ryzen 5300G.