Lucene search
HistoryMay 09, 2023 - 7:15 p.m.
CVE-2021-26354
cve-2021-26354
insufficient bounds checking
asp
system call
compromised abl
memory values
integrity loss
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Insufficient bounds checking in ASP may allow an
attacker to issue a system call from a compromised ABL which may cause
arbitrary memory values to be initialized to zero, potentially leading to a
loss of integrity.
Affected configurations
Node
amdepyc_7773x_firmwareRange<milanpi_1.0.0.6
amdepyc_7773xMatch-
Node
amdepyc_7763_firmwareRange<milanpi_1.0.0.6
amdepyc_7763Match-
Node
amdepyc_7713p_firmwareRange<milanpi_1.0.0.6
amdepyc_7713pMatch-
Node
amdepyc_7713_firmwareRange<milanpi_1.0.0.6
amdepyc_7713Match-
Node
amdepyc_7663_firmwareRange<milanpi_1.0.0.6
amdepyc_7663Match-
Node
amdepyc_7643_firmwareRange<milanpi_1.0.0.6
amdepyc_7643Match-
Node
amdepyc_75f3_firmwareRange<milanpi_1.0.0.6
amdepyc_75f3Match-
Node
amdepyc_7573x_firmwareRange<milanpi_1.0.0.6
amdepyc_7573xMatch-
Node
amdepyc_7543p_firmwareRange<milanpi_1.0.0.6
amdepyc_7543pMatch-
Node
amdepyc_7543_firmwareRange<milanpi_1.0.0.6
amdepyc_7543Match-
Node
amdepyc_7513_firmwareRange<milanpi_1.0.0.6
amdepyc_7513Match-
Node
amdepyc_74f3_firmwareRange<milanpi_1.0.0.6
amdepyc_74f3Match-
Node
amdepyc_7473x_firmwareRange<milanpi_1.0.0.6
amdepyc_7473xMatch-
Node
amdepyc_7453_firmwareRange<milanpi_1.0.0.6
amdepyc_7453Match-
Node
amdepyc_7443p_firmwareRange<milanpi_1.0.0.6
amdepyc_7443pMatch-
Node
amdepyc_7443_firmwareRange<milanpi_1.0.0.6
amdepyc_7443Match-
Node
amdepyc_7413_firmwareRange<milanpi_1.0.0.6
amdepyc_7413Match-
Node
amdepyc_73f3_firmwareRange<milanpi_1.0.0.6
amdepyc_73f3Match-
Node
amdepyc_7373x_firmwareRange<milanpi_1.0.0.6
amdepyc_7373xMatch-
Node
amdepyc_7343_firmwareRange<milanpi_1.0.0.6
amdepyc_7343Match-
Node
amdepyc_7313p_firmwareRange<milanpi_1.0.0.6
amdepyc_7313pMatch-
Node
amdepyc_7313_firmwareRange<milanpi_1.0.0.6
amdepyc_7313Match-
Node
amdepyc_72f3_firmwareRange<milanpi_1.0.0.6
amdepyc_72f3Match-
Node
amdepyc_7003_firmwareRange<milanpi_1.0.0.6
amdepyc_7003Match-
Node
amdepyc_7002_firmwareRange<romepi_1.0.0.d
amdepyc_7002Match-
Node
amdepyc_7232p_firmwareRange<romepi_1.0.0.d
amdepyc_7232pMatch-
Node
amdepyc_7252_firmwareRange<romepi_1.0.0.d
amdepyc_7252Match-
Node
amdepyc_7262_firmwareRange<romepi_1.0.0.d
amdepyc_7262Match-
Node
amdepyc_7272_firmwareRange<romepi_1.0.0.d
amdepyc_7272Match-
Node
amdepyc_7282_firmwareRange<romepi_1.0.0.d
amdepyc_7282Match-
Node
amdepyc_7302_firmwareRange<romepi_1.0.0.d
amdepyc_7302Match-
Node
amdepyc_7302p_firmwareRange<romepi_1.0.0.d
amdepyc_7302pMatch-
Node
amdepyc_7352_firmwareRange<romepi_1.0.0.d
amdepyc_7352Match-
Node
amdepyc_7402_firmwareRange<romepi_1.0.0.d
amdepyc_7402Match-
Node
amdepyc_7402p_firmwareRange<romepi_1.0.0.d
amdepyc_7402pMatch-
Node
amdepyc_7452_firmwareRange<romepi_1.0.0.d
amdepyc_7452Match-
Node
amdepyc_7502_firmwareRange<romepi_1.0.0.d
amdepyc_7502Match-
Node
amdepyc_7502p_firmwareRange<romepi_1.0.0.d
amdepyc_7502pMatch-
Node
amdepyc_7532_firmwareRange<romepi_1.0.0.d
amdepyc_7532Match-
Node
amdepyc_7542_firmwareRange<romepi_1.0.0.d
amdepyc_7542Match-
Node
amdepyc_7552_firmwareRange<romepi_1.0.0.d
amdepyc_7552Match-
Node
amdepyc_7642_firmwareRange<romepi_1.0.0.d
amdepyc_7642Match-
Node
amdepyc_7662_firmwareRange<romepi_1.0.0.d
amdepyc_7662Match-
Node
amdepyc_7702_firmwareRange<romepi_1.0.0.d
amdepyc_7702Match-
Node
amdepyc_7702p_firmwareRange<romepi_1.0.0.d
amdepyc_7702pMatch-
Node
amdepyc_7742_firmwareRange<romepi_1.0.0.d
amdepyc_7742Match-
Node
amdepyc_7f32_firmwareRange<romepi_1.0.0.d
amdepyc_7f32Match-
Node
amdepyc_7f52_firmwareRange<romepi_1.0.0.d
amdepyc_7f52Match-
Node
amdepyc_7f72_firmwareRange<romepi_1.0.0.d
amdepyc_7f72Match-
Node
amdepyc_7h12_firmwareRange<romepi_1.0.0.d
amdepyc_7h12Match-
Node
amdryzen_5_2400g_firmwareMatch-
amdryzen_5_2400gMatch-
Node
amdryzen_5_2400ge_firmwareMatch-
amdryzen_5_2400geMatch-
Node
amdryzen_3_2200g_firmwareMatch-
amdryzen_3_2200gMatch-
Node
amdryzen_3_2200ge_firmwareMatch-
amdryzen_3_2200geMatch-
Node
amdryzen_3_pro_2100ge_firmwareMatch-
amdryzen_3_pro_2100geMatch-
Node
amdryzen_7_2700x_firmwareMatch-
amdryzen_7_2700xMatch-
Node
amdryzen_7_2700_firmwareMatch-
amdryzen_7_2700Match-
Node
amdryzen_7_2700e_firmwareMatch-
amdryzen_7_2700eMatch-
Node
amdryzen_5_2600x_firmwareMatch-
amdryzen_5_2600xMatch-
Node
amdryzen_5_2600_firmwareMatch-
amdryzen_5_2600Match-
Node
amdryzen_5_2600e_firmwareMatch-
amdryzen_5_2600eMatch-
Node
amdryzen_5_2500x_firmwareMatch-
amdryzen_5_2500xMatch-
Node
amdryzen_5_1600_af_firmwareMatch-
amdryzen_5_1600_afMatch-
Node
amdryzen_3_2300x_firmwareMatch-
amdryzen_3_2300xMatch-
Node
amdryzen_3_1200_af_firmwareMatch-
amdryzen_3_1200_afMatch-
Node
amdryzen_9_3950x_firmwareMatch-
amdryzen_9_3950xMatch-
Node
amdryzen_9_3900xt_firmwareMatch-
amdryzen_9_3900xtMatch-
Node
amdryzen_9_3900x_firmwareMatch-
amdryzen_9_3900xMatch-
Node
amdryzen_9_3900_firmwareMatch-
amdryzen_9_3900Match-
Node
amdryzen_7_3800xt_firmwareMatch-
amdryzen_7_3800xtMatch-
Node
amdryzen_7_3800x_firmwareMatch-
amdryzen_7_3800xMatch-
Node
amdryzen_7_3700x_firmwareMatch-
amdryzen_7_3700xMatch-
Node
amdryzen_5_3600xt_firmwareMatch-
amdryzen_5_3600xtMatch-
Node
amdryzen_5_3600x_firmwareMatch-
amdryzen_5_3600xMatch-
Node
amdryzen_5_3600_firmwareMatch-
amdryzen_5_3600Match-
Node
amdryzen_5_3500x_firmwareMatch-
amdryzen_5_3500xMatch-
Node
amdryzen_5_3500_firmwareMatch-
amdryzen_5_3500Match-
Node
amdryzen_3_3300x_firmwareMatch-
amdryzen_3_3300xMatch-
Node
amdryzen_3_3100_firmwareMatch-
amdryzen_3_3100Match-
Node
amdryzen_9_5950x_firmwareMatch-
amdryzen_9_5950xMatch-
Node
amdryzen_9_5900x_firmwareMatch-
amdryzen_9_5900xMatch-
Node
amdryzen_9_5900_firmwareMatch-
amdryzen_9_5900Match-
Node
amdryzen_7_5800x3d_firmwareMatch-
amdryzen_7_5800x3dMatch-
Node
amdryzen_7_5800x_firmwareMatch-
amdryzen_7_5800xMatch-
Node
amdryzen_7_5800_firmwareMatch-
amdryzen_7_5800Match-
Node
amdryzen_7_5700x_firmwareMatch-
amdryzen_7_5700xMatch-
Node
amdryzen_5_5600x_firmwareMatch-
amdryzen_5_5600xMatch-
Node
amdryzen_5_5600_firmwareMatch-
amdryzen_5_5600Match-
Node
amdryzen_5_5500_firmwareMatch-
amdryzen_5_5500Match-
Node
amdryzen_7_5700g_firmwareMatch-
amdryzen_7_5700gMatch-
Node
amdryzen_7_5700ge_firmwareMatch-
amdryzen_7_5700geMatch-
Node
amdryzen_5_5600g_firmwareMatch-
amdryzen_5_5600gMatch-
Node
amdryzen_5_5600ge_firmwareMatch-
amdryzen_5_5600geMatch-
Node
amdryzen_3_5300g_firmwareMatch-
amdryzen_3_5300gMatch-
Node
amdryzen_3_5300ge_firmwareMatch-
amdryzen_3_5300geMatch-
Node
amdryzen_threadripper_2990wx_firmwareMatch-
amdryzen_threadripper_2990wxMatch-
Node
amdryzen_threadripper_2970wx_firmwareMatch-
amdryzen_threadripper_2970wxMatch-
Node
amdryzen_threadripper_2950x_firmwareMatch-
amdryzen_threadripper_2950xMatch-
Node
amdryzen_threadripper_2920x_firmwareMatch-
amdryzen_threadripper_2920xMatch-
Node
amdryzen_threadripper_pro_3945wx_firmwareMatch-
amdryzen_threadripper_pro_3945wxMatch-
Node
amdryzen_threadripper_pro_3955wx_firmwareMatch-
amdryzen_threadripper_pro_3955wxMatch-
Node
amdryzen_threadripper_pro_3975wx_firmwareMatch-
amdryzen_threadripper_pro_3975wxMatch-
Node
amdryzen_threadripper_pro_3995wx_firmwareMatch-
amdryzen_threadripper_pro_3995wxMatch-
Node
amdryzen_threadripper_3960x_firmwareMatch-
amdryzen_threadripper_3960xMatch-
Node
amdryzen_threadripper_3970x_firmwareMatch-
amdryzen_threadripper_3970xMatch-
Node
amdryzen_threadripper_3990x_firmwareMatch-
amdryzen_threadripper_3990xMatch-
Node
amdryzen_threadripper_pro_5945wx_firmwareMatch-
amdryzen_threadripper_pro_5945wxMatch-
Node
amdryzen_threadripper_pro_5955wx_firmwareMatch-
amdryzen_threadripper_pro_5955wxMatch-
Node
amdryzen_threadripper_pro_5965wx_firmwareMatch-
amdryzen_threadripper_pro_5965wxMatch-
Node
amdryzen_threadripper_pro_5975wx_firmwareMatch-
amdryzen_threadripper_pro_5975wxMatch-
Node
amdryzen_threadripper_pro_5995wx_firmwareMatch-
amdryzen_threadripper_pro_5995wxMatch-
Node
amdryzen_3_3250u_firmwareRange<picassopi-fp5_1.0.0.d
amdryzen_3_3250uMatch-
Node
amdryzen_3_3250c_firmwareRange<picassopi-fp5_1.0.0.d
amdryzen_3_3250cMatch-
Node
amdryzen_3_3200u_firmwareRange<picassopi-fp5_1.0.0.d
amdryzen_3_3200uMatch-
Node
amdamd_3015e_firmwareRange<pollockpi-ft5_1.0.0.3
amdamd_3015eMatch-
Node
amdamd_3015ce_firmwareRange<pollockpi-ft5_1.0.0.3
amdamd_3015ceMatch-
Node
amdryzen_7_2800h_firmwareMatch-
amdryzen_7_2800hMatch-
Node
amdryzen_7_2700u_firmwareMatch-
amdryzen_7_2700uMatch-
Node
amdryzen_5_2600h_firmwareMatch-
amdryzen_5_2600hMatch-
Node
amdryzen_5_2500u_firmwareMatch-
amdryzen_5_2500uMatch-
Node
amdryzen_3_2300u_firmwareMatch-
amdryzen_3_2300uMatch-
Node
amdryzen_3_2200u_firmwareMatch-
amdryzen_3_2200uMatch-
Node
amdryzen_7_3780u_firmwareMatch-
amdryzen_7_3780uMatch-
Node
amdryzen_7_3750h_firmwareMatch-
amdryzen_7_3750hMatch-
Node
amdryzen_7_3700c_firmwareMatch-
amdryzen_7_3700cMatch-
Node
amdryzen_7_3700u_firmwareMatch-
amdryzen_7_3700uMatch-
Node
amdryzen_5_3580u_firmwareMatch-
amdryzen_5_3580uMatch-
Node
amdryzen_5_3550h_firmwareMatch-
amdryzen_5_3550hMatch-
Node
amdryzen_5_3500cMatch-
amdryzen_5_3500c_firmwareMatch-
Node
amdryzen_5_3500uMatch-
amdryzen_5_3500u_firmwareMatch-
Node
amdryzen_5_3450uMatch-
amdryzen_5_3450u_firmwareMatch-
Node
amdryzen_3_3350uMatch-
amdryzen_3_3350u_firmwareMatch-
Node
amdryzen_3_3300uMatch-
amdryzen_3_3300u_firmwareMatch-
Node
amdryzen_7_5700uMatch-
amdryzen_7_5700u_firmwareRange<cezannepi-fp6_1.0.0.8
Node
amdryzen_5_5500uMatch-
amdryzen_5_5500u_firmwareRange<cezannepi-fp6_1.0.0.8
Node
amdryzen_3_5300uMatch-
amdryzen_3_5300u_firmwareRange<cezannepi-fp6_1.0.0.8
Node
amdryzen_9_5980hx_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_9_5980hxMatch-
Node
amdryzen_9_5980hs_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_9_5980hsMatch-
Node
amdryzen_9_5900hx_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_9_5900hxMatch-
Node
amdryzen_9_5900hs_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_9_5900hsMatch-
Node
amdryzen_7_5800h_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_7_5800hMatch-
Node
amdryzen_7_5800hs_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_7_5800hsMatch-
Node
amdryzen_7_5825u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_7_5825uMatch-
Node
amdryzen_7_5800u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_7_5800uMatch-
Node
amdryzen_5_5600h_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5600hMatch-
Node
amdryzen_5_5600hs_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5600hsMatch-
Node
amdryzen_5_5625u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5625uMatch-
Node
amdryzen_5_5600u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5600uMatch-
Node
amdryzen_5_5560u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5560uMatch-
Node
amdryzen_3_5425u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_3_5425uMatch-
Node
amdryzen_3_5400u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_3_5400uMatch-
Node
amdryzen_3_5125c_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_3_5125cMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| amd:epyc_7773x_firmware | amd epyc 7773x firmware | lt | milanpi_1.0.0.6 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge”",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 3000 Series Desktop Processors “Matisse” AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax”",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ Threadripper™ PRO Processors “Chagall” WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC™ Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC™ Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
]Related
prion
prion
Out-of-bounds
2023-05-09 19:15:00
cvelist
cvelist
CVE-2021-26354
2023-05-09 18:58:37
nvd
nvd
CVE-2021-26354
2023-05-09 19:15:10
amd
amd
AMD Server Vulnerabilities – May 2023
2023-05-09 00:00:00
Client Vulnerabilities – May 2023
2023-05-09 00:00:00
hp
hp
AMD Client UEFI Firmware May 2023 Security Update
2023-05-09 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVE-2021-26354