1. Home
  2. CVE Database
  3. CVE-2021-26387
LOW · 3.9

CVE-2021-26387

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading t...

Vulnerability Description

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.

CVSS Score

3.9

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2021-26387?

CVE-2021-26387 is a vulnerability with a CVSS score of 3.9 (LOW). Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading t...

How severe is CVE-2021-26387?

CVE-2021-26387 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26387?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.