Lucene search

[email protected]CVE-2021-26352

HistoryMay 10, 2022 - 7:15 p.m.

CVE-2021-26352

2022-05-1019:15:08

CWE-119

[email protected]

web.nvd.nist.gov

cve-2021-26352

nvd

security

smu

pcie

bound checks

denial of service

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

Affected configurations

NVD

Node

amdryzen_5_2600Match-

AND

amdryzen_5_2600_firmwareMatch-

Node

amdryzen_5_2600xMatch-

AND

amdryzen_5_2600x_firmwareMatch-

Node

amdryzen_5_2700xMatch-

AND

amdryzen_5_2700x_firmwareMatch-

Node

amdryzen_5_2700Match-

AND

amdryzen_5_2700_firmwareMatch-

Node

amdryzen_5_3600Match-

AND

amdryzen_5_3600_firmwareMatch-

Node

amdryzen_5_3600xMatch-

AND

amdryzen_5_3600x_firmwareMatch-

Node

amdryzen_7_3700xMatch-

AND

amdryzen_7_3700x_firmwareMatch-

Node

amdryzen_7_3800xMatch-

AND

amdryzen_7_3800x_firmwareMatch-

Node

amdryzen_9_3900xMatch-

AND

amdryzen_9_3900x_firmwareMatch-

Node

amdryzen_9_3950xMatch-

AND

amdryzen_9_3950x_firmwareMatch-

Node

amdryzen_9_5950xMatch-

AND

amdryzen_9_5950x_firmwareMatch-

Node

amdryzen_9_5900xMatch-

AND

amdryzen_9_5900x_firmwareMatch-

Node

amdryzen_7_5800xMatch-

AND

amdryzen_7_5800x_firmwareMatch-

Node

amdryzen_7_5700gMatch-

AND

amdryzen_7_5700g_firmwareMatch-

Node

amdryzen_7_5700geMatch-

AND

amdryzen_7_5700ge_firmwareMatch-

Node

amdryzen_5_5600gMatch-

AND

amdryzen_5_5600g_firmwareMatch-

Node

amdryzen_5_5600xMatch-

AND

amdryzen_5_5600x_firmwareMatch-

Node

amdryzen_5_5600geMatch-

AND

amdryzen_5_5600ge_firmwareMatch-

Node

amdryzen_3_5300g_firmwareMatch-

AND

amdryzen_3_5300gMatch-

Node

amdryzen_3_5300ge_firmwareMatch-

AND

amdryzen_3_5300geMatch-

Node

amdryzen_threadripper_2990wx_firmwareMatch-

AND

amdryzen_threadripper_2990wxMatch-

Node

amdryzen_threadripper_2970wx_firmwareMatch-

AND

amdryzen_threadripper_2970wxMatch-

Node

amdryzen_threadripper_2950x_firmwareMatch-

AND

amdryzen_threadripper_2950xMatch-

Node

amdryzen_threadripper_2920x_firmwareMatch-

AND

amdryzen_threadripper_2920xMatch-

Node

amdryzen_threadripper_3970x_firmwareMatch-

AND

amdryzen_threadripper_3970xMatch-

Node

amdryzen_threadripper_pro_5995wx_firmwareMatch-

AND

amdryzen_threadripper_pro_5995wxMatch-

Node

amdryzen_threadripper_pro_5975wx_firmwareMatch-

AND

amdryzen_threadripper_pro_5975wxMatch-

Node

amdryzen_threadripper_pro_5965wx_firmwareMatch-

AND

amdryzen_threadripper_pro_5965wxMatch-

Node

amdryzen_threadripper_pro_5955wx_firmwareMatch-

AND

amdryzen_threadripper_pro_5955wxMatch-

Node

amdryzen_threadripper_pro_5945wx_firmwareMatch-

AND

amdryzen_threadripper_pro_5945wxMatch-

CPENameOperatorVersion
amd:ryzen_5_2600_firmwareamd ryzen 5 2600 firmwareeq-

CPE	Name	Operator	Version
amd:ryzen_5_2600_firmware	amd ryzen 5 2600 firmware	eq	-

CNA Affected

[
  {
    "product": "Ryzen™ Series ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "product": " Athlon™ Series ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Social References

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2021-26352

prion1 cvelist1 nvd1 hp1 amd2