Lucene search

[email protected]CVE-2021-26371

HistoryMay 09, 2023 - 7:15 p.m.

CVE-2021-26371

2023-05-0919:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2021-26371

compromised abl

malicious uapp

sha256 system call

bootloader

asp memory

information disclosure

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.5%

JSON

A compromised or malicious ABL or UApp could
send a SHA256 system call to the bootloader, which may result in exposure of
ASP memory to userspace, potentially leading to information disclosure.

CPENameOperatorVersion
amd:epyc_7773x_firmwareamd epyc 7773x firmwareltmilanpi_1.0.0.6
amd:epyc_7763_firmwareamd epyc 7763 firmwareltmilanpi_1.0.0.6
amd:epyc_7713p_firmwareamd epyc 7713p firmwareltmilanpi_1.0.0.6
amd:epyc_7713_firmwareamd epyc 7713 firmwareltmilanpi_1.0.0.6
amd:epyc_7663_firmwareamd epyc 7663 firmwareltmilanpi_1.0.0.6
amd:epyc_7643_firmwareamd epyc 7643 firmwareltmilanpi_1.0.0.6
amd:epyc_75f3_firmwareamd epyc 75f3 firmwareltmilanpi_1.0.0.6
amd:epyc_7573x_firmwareamd epyc 7573x firmwareltmilanpi_1.0.0.6
amd:epyc_7543p_firmwareamd epyc 7543p firmwareltmilanpi_1.0.0.6
amd:epyc_7543_firmwareamd epyc 7543 firmwareltmilanpi_1.0.0.6

CPE	Name	Operator	Version
amd:epyc_7773x_firmware	amd epyc 7773x firmware	lt	milanpi_1.0.0.6
amd:epyc_7763_firmware	amd epyc 7763 firmware	lt	milanpi_1.0.0.6
amd:epyc_7713p_firmware	amd epyc 7713p firmware	lt	milanpi_1.0.0.6
amd:epyc_7713_firmware	amd epyc 7713 firmware	lt	milanpi_1.0.0.6
amd:epyc_7663_firmware	amd epyc 7663 firmware	lt	milanpi_1.0.0.6
amd:epyc_7643_firmware	amd epyc 7643 firmware	lt	milanpi_1.0.0.6
amd:epyc_75f3_firmware	amd epyc 75f3 firmware	lt	milanpi_1.0.0.6
amd:epyc_7573x_firmware	amd epyc 7573x firmware	lt	milanpi_1.0.0.6
amd:epyc_7543p_firmware	amd epyc 7543p firmware	lt	milanpi_1.0.0.6
amd:epyc_7543_firmware	amd epyc 7543 firmware	lt	milanpi_1.0.0.6

Rows per page:

1-10 of 1281

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.5%

JSON

Related for CVE-2021-26371

cvelist1 prion1 amd2 hp1