Lucene search
HistoryMay 10, 2022 - 7:15 p.m.
CVE-2021-26370
improper validation
destination address
svc_load_fw_image_by_instance
svc_load_binary_by_attrib
malicious uapp
malicious abl
attacker
overwrite
bootloader memory
spi rom contents
loss of integrity
CVSS2
6.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
0
Percentile
12.6%
Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.
Affected configurations
Node
amdepyc_7763Match-
amdepyc_7763_firmwareRange<milanpi-sp3_1.0.0.4
Node
amdepyc_7713p_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7713pMatch-
Node
amdepyc_7713_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7713Match-
Node
amdepyc_7663_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7663Match-
Node
amdepyc_7643_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7643Match-
Node
amdepyc_75f3_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_75f3Match-
Node
amdepyc_7543p_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7543pMatch-
Node
amdepyc_7543_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7543Match-
Node
amdepyc_7513_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7513Match-
Node
amdepyc_7453_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7453Match-
Node
amdepyc_74f3_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_74f3Match-
Node
amdepyc_7443p_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7443pMatch-
Node
amdepyc_7443_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7443Match-
Node
amdepyc_7413_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7413Match-
Node
amdepyc_73f3_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_73f3Match-
Node
amdepyc_7343_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7343Match-
Node
amdepyc_7313p_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7313pMatch-
Node
amdepyc_7313_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7313Match-
Node
amdepyc_72f3_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_72f3Match-
Node
amdepyc_7773x_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7773xMatch-
Node
amdepyc_7473x_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7473xMatch-
Node
amdepyc_7573x_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7573xMatch-
Node
amdepyc_7373x_firmwareRange<milanpi-sp3_1.0.0.4
amdepyc_7373xMatch-
Node
amdepyc_7002_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7002Match-
Node
amdepyc_7232p_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7232pMatch-
Node
amdepyc_7252_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7252Match-
Node
amdepyc_7262_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7262Match-
Node
amdepyc_7272_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7272Match-
Node
amdepyc_7282_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7282Match-
Node
amdepyc_7302_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7302Match-
Node
amdepyc_7302p_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7302pMatch-
Node
amdepyc_7352_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7352Match-
Node
amdepyc_7402_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7402Match-
Node
amdepyc_7402p_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7402pMatch-
Node
amdepyc_7452_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7452Match-
Node
amdepyc_7502_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7502Match-
Node
amdepyc_7502p_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7502pMatch-
Node
amdepyc_7532_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7532Match-
Node
amdepyc_7542_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7542Match-
Node
amdepyc_7552_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7552Match-
Node
amdepyc_7642_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7642Match-
Node
amdepyc_7662_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7662Match-
Node
amdepyc_7702_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7702Match-
Node
amdepyc_7702p_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7702pMatch-
Node
amdepyc_7742_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7742Match-
Node
amdepyc_7f72_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7f72Match-
Node
amdepyc_7f52_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7f52Match-
Node
amdepyc_7f32_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7f32Match-
Node
amdepyc_7h12_firmwareRange<romepi-sp3_1.0.0.c
amdepyc_7h12Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amd | epyc_7763 | - | cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:* |
| amd | epyc_7763_firmware | * | cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:* |
| amd | epyc_7713p_firmware | * | cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:* |
| amd | epyc_7713p | - | cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:* |
| amd | epyc_7713_firmware | * | cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:* |
| amd | epyc_7713 | - | cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:* |
| amd | epyc_7663_firmware | * | cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:* |
| amd | epyc_7663 | - | cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:* |
| amd | epyc_7643_firmware | * | cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:* |
| amd | epyc_7643 | - | cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2021-26370
2022-05-10 18:25:17
cve
cve
CVE-2021-26370
2022-05-10 19:15:08
prion
prion
Input validation
2022-05-10 19:15:00
amd
amd
AMD Server Vulnerabilities – November 2021
2021-11-08 00:00:00
CVSS2
6.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
0
Percentile
12.6%
Related for NVD:CVE-2021-26370