Versio.io

CVE-2021-26335

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 16-11-2021 08:15
Last modified: - 12-05-2022 08:16
Total changes: - 2

Description

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Local
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
7.8
Base score
1.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=amd AND product=epyc_7003_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7003 AND version=-
AND
OR
vendor=amd AND product=epyc_7002_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7002 AND version=-
AND
OR
vendor=amd AND product=epyc_7001_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7001 AND version=-
AND
OR
vendor=amd AND product=epyc_72f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_72f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7313_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7313 AND version=-
AND
OR
vendor=amd AND product=epyc_7313p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7313p AND version=-
AND
OR
vendor=amd AND product=epyc_7343_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7343 AND version=-
AND
OR
vendor=amd AND product=epyc_73f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_73f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7413_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7413 AND version=-
AND
OR
vendor=amd AND product=epyc_7443_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7443 AND version=-
AND
OR
vendor=amd AND product=epyc_7443p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7443p AND version=-
AND
OR
vendor=amd AND product=epyc_7453_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7453 AND version=-
AND
OR
vendor=amd AND product=epyc_74f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_74f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7513_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7513 AND version=-
AND
OR
vendor=amd AND product=epyc_7543_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7543 AND version=-
AND
OR
vendor=amd AND product=epyc_7543p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7543p AND version=-
AND
OR
vendor=amd AND product=epyc_75f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_75f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7643_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7643 AND version=-
AND
OR
vendor=amd AND product=epyc_7663_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7663 AND version=-
AND
OR
vendor=amd AND product=epyc_7713_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7713 AND version=-
AND
OR
vendor=amd AND product=epyc_7713p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7713p AND version=-
AND
OR
vendor=amd AND product=epyc_7763_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7763 AND version=-
AND
OR
vendor=amd AND product=epyc_7232p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7232p AND version=-
AND
OR
vendor=amd AND product=epyc_7252_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7252 AND version=-
AND
OR
vendor=amd AND product=epyc_7262_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7262 AND version=-
AND
OR
vendor=amd AND product=epyc_7272_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7272 AND version=-
AND
OR
vendor=amd AND product=epyc_7282_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7282 AND version=-
AND
OR
vendor=amd AND product=epyc_7302_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7302 AND version=-
AND
OR
vendor=amd AND product=epyc_7302p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7302p AND version=-
AND
OR
vendor=amd AND product=epyc_7352_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7352 AND version=-
AND
OR
vendor=amd AND product=epyc_7402_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7402 AND version=-
AND
OR
vendor=amd AND product=epyc_7402p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7402p AND version=-
AND
OR
vendor=amd AND product=epyc_7452_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7452 AND version=-
AND
OR
vendor=amd AND product=epyc_7502_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7502 AND version=-
AND
OR
vendor=amd AND product=epyc_7502p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7502p AND version=-
AND
OR
vendor=amd AND product=epyc_7532_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7532 AND version=-
AND
OR
vendor=amd AND product=epyc_7542_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7542 AND version=-
AND
OR
vendor=amd AND product=epyc_7552_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7552 AND version=-
AND
OR
vendor=amd AND product=epyc_7642_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7642 AND version=-
AND
OR
vendor=amd AND product=epyc_7662_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7662 AND version=-
AND
OR
vendor=amd AND product=epyc_7702_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7702 AND version=-
AND
OR
vendor=amd AND product=epyc_7702p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7702p AND version=-
AND
OR
vendor=amd AND product=epyc_7742_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7742 AND version=-
AND
OR
vendor=amd AND product=epyc_7f32_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7f32 AND version=-
AND
OR
vendor=amd AND product=epyc_7f52_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7f52 AND version=-
AND
OR
vendor=amd AND product=epyc_7f72_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7f72 AND version=-
AND
OR
vendor=amd AND product=epyc_7251_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7251 AND version=-
AND
OR
vendor=amd AND product=epyc_7281_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7281 AND version=-
AND
OR
vendor=amd AND product=epyc_7301_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7301 AND version=-
AND
OR
vendor=amd AND product=epyc_7351_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7351 AND version=-
AND
OR
vendor=amd AND product=epyc_7351p_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7351p AND version=-
AND
OR
vendor=amd AND product=epyc_7401_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7401 AND version=-
AND
OR
vendor=amd AND product=epyc_7401p_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7401p AND version=-
AND
OR
vendor=amd AND product=epyc_7451_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7451 AND version=-
AND
OR
vendor=amd AND product=epyc_7501_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7501 AND version=-
AND
OR
vendor=amd AND product=epyc_7551_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7551 AND version=-
AND
OR
vendor=amd AND product=epyc_7551p_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7551p AND version=-
AND
OR
vendor=amd AND product=epyc_7601_firmware AND versionEndExcluding=naplespi-sp3_1.0.0.g
OR
vendor=amd AND product=epyc_7601 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2021-26335

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.