Lucene search

[email protected]CVE-2021-26356

HistoryMay 09, 2023 - 7:15 p.m.

CVE-2021-26356

2023-05-0919:15:00

CWE-367

[email protected]

web.nvd.nist.gov

cve-2021-26356

asp bootloader

toctou

spi rom

s3 data corruption

information disclosure

nvd

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.6%

JSON

A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.

CPENameOperatorVersion
amd:epyc_7001_firmwareamd epyc 7001 firmwareltnaplespi_1.0.0.h
amd:epyc_7251_firmwareamd epyc 7251 firmwareltnaplespi_1.0.0.h
amd:epyc_7261_firmwareamd epyc 7261 firmwareltnaplespi_1.0.0.h
amd:epyc_7281_firmwareamd epyc 7281 firmwareltnaplespi_1.0.0.h
amd:epyc_7301_firmwareamd epyc 7301 firmwareltnaplespi_1.0.0.h
amd:epyc_7351_firmwareamd epyc 7351 firmwareltnaplespi_1.0.0.h
amd:epyc_7351p_firmwareamd epyc 7351p firmwareltnaplespi_1.0.0.h
amd:epyc_7371_firmwareamd epyc 7371 firmwareltnaplespi_1.0.0.h
amd:epyc_7401_firmwareamd epyc 7401 firmwareltnaplespi_1.0.0.h
amd:epyc_7401p_firmwareamd epyc 7401p firmwareltnaplespi_1.0.0.h

CPE	Name	Operator	Version
amd:epyc_7001_firmware	amd epyc 7001 firmware	lt	naplespi_1.0.0.h
amd:epyc_7251_firmware	amd epyc 7251 firmware	lt	naplespi_1.0.0.h
amd:epyc_7261_firmware	amd epyc 7261 firmware	lt	naplespi_1.0.0.h
amd:epyc_7281_firmware	amd epyc 7281 firmware	lt	naplespi_1.0.0.h
amd:epyc_7301_firmware	amd epyc 7301 firmware	lt	naplespi_1.0.0.h
amd:epyc_7351_firmware	amd epyc 7351 firmware	lt	naplespi_1.0.0.h
amd:epyc_7351p_firmware	amd epyc 7351p firmware	lt	naplespi_1.0.0.h
amd:epyc_7371_firmware	amd epyc 7371 firmware	lt	naplespi_1.0.0.h
amd:epyc_7401_firmware	amd epyc 7401 firmware	lt	naplespi_1.0.0.h
amd:epyc_7401p_firmware	amd epyc 7401p firmware	lt	naplespi_1.0.0.h

Rows per page:

1-10 of 981

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for CVE-2021-26356

prion1 cvelist1 amd2 hp1