Versio.io

CVE-2021-26370

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 10-05-2022 09:15
Last modified: - 18-05-2022 05:47
Total changes: - 3

Description

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Low
Attack complexity
Local
Attack vector
High
Availability
None
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
7.1
Base score
1.8
5.2
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=amd AND product=epyc_7763_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7763 AND version=-
AND
OR
vendor=amd AND product=epyc_7713p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7713p AND version=-
AND
OR
vendor=amd AND product=epyc_7713_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7713 AND version=-
AND
OR
vendor=amd AND product=epyc_7663_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7663 AND version=-
AND
OR
vendor=amd AND product=epyc_7643_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7643 AND version=-
AND
OR
vendor=amd AND product=epyc_75f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_75f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7543p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7543p AND version=-
AND
OR
vendor=amd AND product=epyc_7543_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7543 AND version=-
AND
OR
vendor=amd AND product=epyc_7513_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7513 AND version=-
AND
OR
vendor=amd AND product=epyc_7453_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7453 AND version=-
AND
OR
vendor=amd AND product=epyc_74f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_74f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7443p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7443p AND version=-
AND
OR
vendor=amd AND product=epyc_7443_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7443 AND version=-
AND
OR
vendor=amd AND product=epyc_7413_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7413 AND version=-
AND
OR
vendor=amd AND product=epyc_73f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_73f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7343_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7343 AND version=-
AND
OR
vendor=amd AND product=epyc_7313p_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7313p AND version=-
AND
OR
vendor=amd AND product=epyc_7313_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7313 AND version=-
AND
OR
vendor=amd AND product=epyc_72f3_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_72f3 AND version=-
AND
OR
vendor=amd AND product=epyc_7773x_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7773x AND version=-
AND
OR
vendor=amd AND product=epyc_7473x_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7473x AND version=-
AND
OR
vendor=amd AND product=epyc_7573x_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7573x AND version=-
AND
OR
vendor=amd AND product=epyc_7373x_firmware AND versionEndExcluding=milanpi-sp3_1.0.0.4
OR
vendor=amd AND product=epyc_7373x AND version=-
AND
OR
vendor=amd AND product=epyc_7002_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7002 AND version=-
AND
OR
vendor=amd AND product=epyc_7232p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7232p AND version=-
AND
OR
vendor=amd AND product=epyc_7252_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7252 AND version=-
AND
OR
vendor=amd AND product=epyc_7262_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7262 AND version=-
AND
OR
vendor=amd AND product=epyc_7272_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7272 AND version=-
AND
OR
vendor=amd AND product=epyc_7282_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7282 AND version=-
AND
OR
vendor=amd AND product=epyc_7302_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7302 AND version=-
AND
OR
vendor=amd AND product=epyc_7302p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7302p AND version=-
AND
OR
vendor=amd AND product=epyc_7352_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7352 AND version=-
AND
OR
vendor=amd AND product=epyc_7402_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7402 AND version=-
AND
OR
vendor=amd AND product=epyc_7402p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7402p AND version=-
AND
OR
vendor=amd AND product=epyc_7452_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7452 AND version=-
AND
OR
vendor=amd AND product=epyc_7502_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7502 AND version=-
AND
OR
vendor=amd AND product=epyc_7502p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7502p AND version=-
AND
OR
vendor=amd AND product=epyc_7532_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7532 AND version=-
AND
OR
vendor=amd AND product=epyc_7542_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7542 AND version=-
AND
OR
vendor=amd AND product=epyc_7552_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7552 AND version=-
AND
OR
vendor=amd AND product=epyc_7642_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7642 AND version=-
AND
OR
vendor=amd AND product=epyc_7662_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7662 AND version=-
AND
OR
vendor=amd AND product=epyc_7702_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7702 AND version=-
AND
OR
vendor=amd AND product=epyc_7702p_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7702p AND version=-
AND
OR
vendor=amd AND product=epyc_7742_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7742 AND version=-
AND
OR
vendor=amd AND product=epyc_7f72_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7f72 AND version=-
AND
OR
vendor=amd AND product=epyc_7f52_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7f52 AND version=-
AND
OR
vendor=amd AND product=epyc_7f32_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7f32 AND version=-
AND
OR
vendor=amd AND product=epyc_7h12_firmware AND versionEndExcluding=romepi-sp3_1.0.0.c
OR
vendor=amd AND product=epyc_7h12 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2021-26370

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.