1. Home
  2. CVE Database
  3. CVE-2021-26346
MEDIUM · 5.5

CVE-2021-26346

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential ...

Vulnerability Description

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
AmdRyzen 3 3100 Firmware-
AmdRyzen 3 3100-
AmdRyzen 3 3200G Firmware-
AmdRyzen 3 3200G-
AmdRyzen 3 3200U Firmware-
AmdRyzen 3 3200U-
AmdRyzen 3 3250C Firmware-
AmdRyzen 3 3250C-
AmdRyzen 3 3250U Firmware-
AmdRyzen 3 3250U-
AmdRyzen 3 3300G Firmware-
AmdRyzen 3 3300G-
AmdRyzen 3 3300U Firmware-
AmdRyzen 3 3300U-
AmdRyzen 3 3300X Firmware-
AmdRyzen 3 3300X-
AmdRyzen 3 3350U Firmware-
AmdRyzen 3 3350U-
AmdRyzen 3 3450U Firmware-
AmdRyzen 3 3450U-

Related Weaknesses (CWE)

CWE-190

References

FAQ

What is CVE-2021-26346?

CVE-2021-26346 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential ...

How severe is CVE-2021-26346?

CVE-2021-26346 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26346?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 3 3100 Firmware, Amd Ryzen 3 3100, Amd Ryzen 3 3200G Firmware, Amd Ryzen 3 3200G, Amd Ryzen 3 3200U Firmware.