CVE-2021-26354 — MEDIUM (5.5)

Q: How severe is CVE-2021-26354?

CVE-2021-26354 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-26354?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7773X Firmware, Amd Epyc 7773X, Amd Epyc 7763 Firmware, Amd Epyc 7763, Amd Epyc 7713P Firmware.

Vulnerability Description

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Amd	Epyc 7773X Firmware	< milanpi_1.0.0.6
Amd	Epyc 7773X	-
Amd	Epyc 7763 Firmware	< milanpi_1.0.0.6
Amd	Epyc 7763	-
Amd	Epyc 7713P Firmware	< milanpi_1.0.0.6
Amd	Epyc 7713P	-
Amd	Epyc 7713 Firmware	< milanpi_1.0.0.6
Amd	Epyc 7713	-
Amd	Epyc 7663 Firmware	< milanpi_1.0.0.6
Amd	Epyc 7663	-
Amd	Epyc 7643 Firmware	< milanpi_1.0.0.6
Amd	Epyc 7643	-
Amd	Epyc 75F3 Firmware	< milanpi_1.0.0.6
Amd	Epyc 75F3	-
Amd	Epyc 7573X Firmware	< milanpi_1.0.0.6
Amd	Epyc 7573X	-
Amd	Epyc 7543P Firmware	< milanpi_1.0.0.6
Amd	Epyc 7543P	-
Amd	Epyc 7543 Firmware	< milanpi_1.0.0.6
Amd	Epyc 7543	-

Related Weaknesses (CWE)

CWE-120

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001Vendor Advisory

FAQ

What is CVE-2021-26354?

CVE-2021-26354 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss...

How severe is CVE-2021-26354?

CVE-2021-26354 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26354?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7773X Firmware, Amd Epyc 7773X, Amd Epyc 7763 Firmware, Amd Epyc 7763, Amd Epyc 7713P Firmware.