Vulnerability Description
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AMD | EPYC 7003 Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7003 | - |
| AMD | EPYC 72F3 Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 72F3 | - |
| AMD | EPYC 7313 Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7313 | - |
| AMD | EPYC 7313P Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7313P | - |
| AMD | EPYC 7343 Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7343 | - |
| AMD | EPYC 7373X Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7373X | - |
| AMD | EPYC 73F3 Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 73F3 | - |
| AMD | EPYC 7413 Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7413 | - |
| AMD | EPYC 7443 Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7443 | - |
| AMD | EPYC 7443P Firmware | < milanpi_1.0.0.3 |
| AMD | EPYC 7443P | - |
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 (Vendor Advisory)
FAQ
What is CVE-2021-26343?
CVE-2021-26343 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
How severe is CVE-2021-26343?
CVE-2021-26343 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26343?
Check the references section above for vendor advisories and patch information. Affected products include: AMD EPYC 7003 Firmware, AMD EPYC 7003, AMD EPYC 72F3 Firmware, AMD EPYC 72F3, AMD EPYC 7313 Firmware.