Vulnerability Description
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Epyc 7763 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7763 | - |
| Amd | Epyc 7713P Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7713P | - |
| Amd | Epyc 7713 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7713 | - |
| Amd | Epyc 7663 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7663 | - |
| Amd | Epyc 7643 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7643 | - |
| Amd | Epyc 75F3 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 75F3 | - |
| Amd | Epyc 7543P Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7543P | - |
| Amd | Epyc 7543 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7543 | - |
| Amd | Epyc 7513 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7513 | - |
| Amd | Epyc 7453 Firmware | < milanpi-sp3_1.0.0.7 |
| Amd | Epyc 7453 | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031
FAQ
What is CVE-2021-26347?
CVE-2021-26347 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential ...
How severe is CVE-2021-26347?
CVE-2021-26347 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26347?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7763 Firmware, Amd Epyc 7763, Amd Epyc 7713P Firmware, Amd Epyc 7713P, Amd Epyc 7713 Firmware.