Vulnerability Description
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Epyc 7232P Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7232P | - |
| Amd | Epyc 7302P Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7302P | - |
| Amd | Epyc 7402P Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7402P | - |
| Amd | Epyc 7502P Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7502P | - |
| Amd | Epyc 7702P Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7702P | - |
| Amd | Epyc 7252 Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7252 | - |
| Amd | Epyc 7262 Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7262 | - |
| Amd | Epyc 7272 Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7272 | - |
| Amd | Epyc 7282 Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7282 | - |
| Amd | Epyc 7302 Firmware | < romepi-sp3_1.0.0.d |
| Amd | Epyc 7302 | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028Vendor Advisory
FAQ
What is CVE-2021-26364?
CVE-2021-26364 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential...
How severe is CVE-2021-26364?
CVE-2021-26364 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26364?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7232P Firmware, Amd Epyc 7232P, Amd Epyc 7302P Firmware, Amd Epyc 7302P, Amd Epyc 7402P Firmware.