Vulnerability Description
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Epyc 7203 Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7203 | - |
| Amd | Epyc 7203P Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7203P | - |
| Amd | Epyc 72F3 Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 72F3 | - |
| Amd | Epyc 7303 Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7303 | - |
| Amd | Epyc 7303P Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7303P | - |
| Amd | Epyc 7313 Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7313 | - |
| Amd | Epyc 7313P Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7313P | - |
| Amd | Epyc 7343 Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7343 | - |
| Amd | Epyc 73F3 Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 73F3 | - |
| Amd | Epyc 7373X Firmware | < milanpi_1.0.0.5 |
| Amd | Epyc 7373X | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2021-26344?
CVE-2021-26344 is a vulnerability with a CVSS score of 7.2 (HIGH). An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting im...
How severe is CVE-2021-26344?
CVE-2021-26344 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26344?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7203 Firmware, Amd Epyc 7203, Amd Epyc 7203P Firmware, Amd Epyc 7203P, Amd Epyc 72F3 Firmware.