1. Home
  2. CVE Database
  3. CVE-2021-26365
HIGH · 8.2

CVE-2021-26365

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bo...

Vulnerability Description

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
AmdRyzen 5 2400G Firmware-
AmdRyzen 5 2400G-
AmdRyzen 5 2400Ge Firmware-
AmdRyzen 5 2400Ge-
AmdRyzen 3 2200Ge Firmware-
AmdRyzen 3 2200Ge-
AmdRyzen 3 2200G Firmware-
AmdRyzen 3 2200G-
AmdRyzen 3 Pro 2100Ge Firmware-
AmdRyzen 3 Pro 2100Ge-
AmdRyzen 9 5900X Firmware-
AmdRyzen 9 5900X-
AmdRyzen 9 5950X Firmware-
AmdRyzen 9 5950X-
AmdRyzen 9 5900 Firmware-
AmdRyzen 9 5900-
AmdRyzen 7 5800 Firmware-
AmdRyzen 7 5800-
AmdRyzen 7 5800X Firmware-
AmdRyzen 7 5800X-

Related Weaknesses (CWE)

CWE-125

References

FAQ

What is CVE-2021-26365?

CVE-2021-26365 is a vulnerability with a CVSS score of 8.2 (HIGH). Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bo...

How severe is CVE-2021-26365?

CVE-2021-26365 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26365?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 5 2400G Firmware, Amd Ryzen 5 2400G, Amd Ryzen 5 2400Ge Firmware, Amd Ryzen 5 2400Ge, Amd Ryzen 3 2200Ge Firmware.