Lucene search
HistoryMay 09, 2023 - 7:15 p.m.
CVE-2021-26365
cve-2021-26365
firmware
binary headers
out of bounds reads
signature validation
denial of service
information leakage
memory contents
nvd
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.7%
Certain size values in firmware binary headers
could trigger out of bounds reads during signature validation, leading to
denial of service or potentially limited leakage of information about
out-of-bounds memory contents.
Affected configurations
Node
amdryzen_5_2400gMatch-
amdryzen_5_2400g_firmwareMatch-
Node
amdryzen_5_2400geMatch-
amdryzen_5_2400ge_firmwareMatch-
Node
amdryzen_3_2200ge_firmwareMatch-
amdryzen_3_2200geMatch-
Node
amdryzen_3_2200g_firmwareMatch-
amdryzen_3_2200gMatch-
Node
amdryzen_3_pro_2100ge_firmwareMatch-
amdryzen_3_pro_2100geMatch-
Node
amdryzen_9_5900x_firmwareMatch-
amdryzen_9_5900xMatch-
Node
amdryzen_9_5950x_firmwareMatch-
amdryzen_9_5950xMatch-
Node
amdryzen_9_5900_firmwareMatch-
amdryzen_9_5900Match-
Node
amdryzen_7_5800_firmwareMatch-
amdryzen_7_5800Match-
Node
amdryzen_7_5800x_firmwareMatch-
amdryzen_7_5800xMatch-
Node
amdryzen_7_5800x3d_firmwareMatch-
amdryzen_7_5800x3dMatch-
Node
amdryzen_7_5700x_firmwareMatch-
amdryzen_7_5700xMatch-
Node
amdryzen_5_5600_firmwareMatch-
amdryzen_5_5600Match-
Node
amdryzen_5_5600x_firmwareMatch-
amdryzen_5_5600xMatch-
Node
amdryzen_5_5500_firmwareMatch-
amdryzen_5_5500Match-
Node
amdryzen_3_3200u_firmwareRange<picassopi-fp5_1.0.0.d
amdryzen_3_3200uMatch-
Node
amdryzen_3_3250c_firmwareRange<picassopi-fp5_1.0.0.d
amdryzen_3_3250cMatch-
Node
amdryzen_3_3250u_firmwareRange<picassopi-fp5_1.0.0.d
amdryzen_3_3250uMatch-
Node
amdamd_3015e_firmwareRange<pollockpi-ft5_1.0.0.3
amdamd_3015eMatch-
Node
amdamd_3015ce_firmwareRange<pollockpi-ft5_1.0.0.3
amdamd_3015ceMatch-
Node
amdryzen_7_2800h_firmwareMatch-
amdryzen_7_2800hMatch-
Node
amdryzen_7_2700u_firmwareMatch-
amdryzen_7_2700uMatch-
Node
amdryzen_5_2600h_firmwareMatch-
amdryzen_5_2600hMatch-
Node
amdryzen_5_2500u_firmwareMatch-
amdryzen_5_2500uMatch-
Node
amdryzen_3_2300u_firmwareMatch-
amdryzen_3_2300uMatch-
Node
amdryzen_3_2200u_firmwareMatch-
amdryzen_3_2200uMatch-
Node
amdryzen_5_3400g_firmwareMatch-
amdryzen_5_3400gMatch-
Node
amdryzen_5_pro_3400g_firmwareMatch-
amdryzen_5_pro_3400gMatch-
Node
amdryzen_5_pro_3400ge_firmwareMatch-
amdryzen_5_pro_3400geMatch-
Node
amdryzen_5_pro_3350g_firmwareMatch-
amdryzen_5_pro_3350gMatch-
Node
amdryzen_5_pro_3350ge_firmwareMatch-
amdryzen_5_pro_3350geMatch-
Node
amdryzen_3_pro_3200g_firmwareMatch-
amdryzen_3_pro_3200gMatch-
Node
amdryzen_3_3200g_firmwareMatch-
amdryzen_3_3200gMatch-
Node
amdryzen_3_3200ge_firmwareMatch-
amdryzen_3_3200geMatch-
Node
amdryzen_3_pro_3200ge_firmwareMatch-
amdryzen_3_pro_3200geMatch-
Node
amdryzen_7_5700u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_7_5700uMatch-
Node
amdryzen_5_5500u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5500uMatch-
Node
amdryzen_3_5300u_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_3_5300uMatch-
Node
amdryzen_7_5700g_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_7_5700gMatch-
Node
amdryzen_7_5700ge_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_7_5700geMatch-
Node
amdryzen_5_5600g_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5600gMatch-
Node
amdryzen_5_5600ge_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_5_5600geMatch-
Node
amdryzen_3_5300g_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_3_5300gMatch-
Node
amdryzen_3_5300ge_firmwareRange<cezannepi-fp6_1.0.0.8
amdryzen_3_5300geMatch-
Node
amdryzen_9_6980hx_firmwareRange<rmb_1.0.0.4
amdryzen_9_6980hxMatch-
Node
amdryzen_9_6980hs_firmwareRange<rmb_1.0.0.4
amdryzen_9_6980hsMatch-
Node
amdryzen_9_6900hx_firmwareRange<rmb_1.0.0.4
amdryzen_9_6900hxMatch-
Node
amdryzen_9_6900hs_firmwareRange<rmb_1.0.0.4
amdryzen_9_6900hsMatch-
Node
amdryzen_7_6800h_firmwareRange<rmb_1.0.0.4
amdryzen_7_6800hMatch-
Node
amdryzen_7_6800hs_firmwareRange<rmb_1.0.0.4
amdryzen_7_6800hsMatch-
Node
amdryzen_7_6800u_firmwareRange<rmb_1.0.0.4
amdryzen_7_6800uMatch-
Node
amdryzen_5_6600h_firmwareRange<rmb_1.0.0.4
amdryzen_5_6600hMatch-
Node
amdryzen_5_6600hs_firmwareRange<rmb_1.0.0.4
amdryzen_5_6600hsMatch-
Node
amdryzen_5_6600u_firmwareRange<rmb_1.0.0.4
amdryzen_5_6600uMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| amd:ryzen_5_2400g_firmware | amd ryzen 5 2400g firmware | eq | - |
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 2000 series Desktop Processors āRaven Ridgeā AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 5000 Series Desktop processor with Radeonā¢ Graphics āCezanneā AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlonā¢ 3000 Series Mobile Processors with Radeonā¢ Graphics āDaliā/āDaliā ULP",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlonā¢ 3000 Series Mobile Processors with Radeonā¢ Graphics āPollockā",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 2000 Series Mobile Processors āRaven Ridgeā FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 3000 Series Mobile processor, 2nd Gen AMD Ryzenā¢ Mobile Processors with Radeonā¢ Graphics āPicassoā",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 3000 Series Mobile Processors with Radeonā¢ Graphics āRenoirā ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 5000 Series Mobile Processors with Radeonā¢ Graphics āLucienneā",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 5000 Series Mobile processors with Radeonā¢ Graphics āCezanneā",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzenā¢ 6000 Series Mobile Processors \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
]Related
prion
prion
Design/Logic Flaw
2023-05-09 19:15:00
cvelist
cvelist
CVE-2021-26365
2023-05-09 18:58:57
nvd
nvd
CVE-2021-26365
2023-05-09 19:15:10
hp
hp
AMD Client UEFI Firmware May 2023 Security Update
2023-05-09 00:00:00
amd
amd
Client Vulnerabilities ā May 2023
2023-05-09 00:00:00
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.7%
Related for CVE-2021-26365