1. Home
  2. CVE Database
  3. CVE-2021-26371
MEDIUM · 5.5

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. ...

Vulnerability Description

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AmdEpyc 7773X Firmware< milanpi_1.0.0.6
AmdEpyc 7773X-
AmdEpyc 7763 Firmware< milanpi_1.0.0.6
AmdEpyc 7763-
AmdEpyc 7713P Firmware< milanpi_1.0.0.6
AmdEpyc 7713P-
AmdEpyc 7713 Firmware< milanpi_1.0.0.6
AmdEpyc 7713-
AmdEpyc 7663 Firmware< milanpi_1.0.0.6
AmdEpyc 7663-
AmdEpyc 7643 Firmware< milanpi_1.0.0.6
AmdEpyc 7643-
AmdEpyc 75F3 Firmware< milanpi_1.0.0.6
AmdEpyc 75F3-
AmdEpyc 7573X Firmware< milanpi_1.0.0.6
AmdEpyc 7573X-
AmdEpyc 7543P Firmware< milanpi_1.0.0.6
AmdEpyc 7543P-
AmdEpyc 7543 Firmware< milanpi_1.0.0.6
AmdEpyc 7543-

References

FAQ

What is CVE-2021-26371?

CVE-2021-26371 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. ...

How severe is CVE-2021-26371?

CVE-2021-26371 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26371?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7773X Firmware, Amd Epyc 7773X, Amd Epyc 7763 Firmware, Amd Epyc 7763, Amd Epyc 7713P Firmware.