CVE-2021-26347

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

CVSS v3 4.7 MEDIUM
CVSS v2.0 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.7^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:amd:epyc_7002_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:amd:epyc_7272_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:amd:epyc_7282_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:amd:epyc_7302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:amd:epyc_7302p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:amd:epyc_7352_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:amd:epyc_7402_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:amd:epyc_7402p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:amd:epyc_7452_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:amd:epyc_7502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:amd:epyc_7502p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:amd:epyc_7532_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:amd:epyc_7542_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:amd:epyc_7552_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:amd:epyc_7642_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:amd:epyc_7662_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:amd:epyc_7702_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:amd:epyc_7702p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:amd:epyc_7742_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:amd:epyc_7f32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:amd:epyc_7h12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:amd:epyc_7f72_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:amd:epyc_7f52_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-367~~	CWE-1284
Summary	~~TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.~~	Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
References	{'url': 'https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028', 'name': 'https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 -

19 May 2022, 20:12

Type	Values Removed	Values Added
CPE		cpe:2.3:o:amd:epyc_7402p_firmware:::::::: cpe:2.3:h:amd:epyc_7742:-:::::::* cpe:2.3:o:amd:epyc_7452_firmware:::::::: cpe:2.3:o:amd:epyc_7302_firmware:::::::: cpe:2.3:o:amd:epyc_72f3_firmware:::::::: cpe:2.3:h:amd:epyc_7543p:-:::::::* cpe:2.3:o:amd:epyc_7713p_firmware:::::::: cpe:2.3:o:amd:epyc_7352_firmware:::::::: cpe:2.3:h:amd:epyc_7702p:-:::::::* cpe:2.3:o:amd:epyc_7742_firmware:::::::: cpe:2.3:h:amd:epyc_7302:-:::::::* cpe:2.3:h:amd:epyc_7272:-:::::::* cpe:2.3:o:amd:epyc_7542_firmware:::::::: cpe:2.3:h:amd:epyc_7573x:-:::::::* cpe:2.3:o:amd:epyc_7763_firmware:::::::: cpe:2.3:o:amd:epyc_7262_firmware:::::::: cpe:2.3:h:amd:epyc_7h12:-:::::::* cpe:2.3:h:amd:epyc_7713:-:::::::* cpe:2.3:h:amd:epyc_7352:-:::::::* cpe:2.3:h:amd:epyc_7002:-:::::::* cpe:2.3:o:amd:epyc_75f3_firmware:::::::: cpe:2.3:h:amd:epyc_7443:-:::::::* cpe:2.3:h:amd:epyc_7443p:-:::::::* cpe:2.3:o:amd:epyc_7532_firmware:::::::: cpe:2.3:o:amd:epyc_7773x_firmware:::::::: cpe:2.3:h:amd:epyc_7502p:-:::::::* cpe:2.3:o:amd:epyc_7f72_firmware:::::::: cpe:2.3:o:amd:epyc_7373x_firmware:::::::: cpe:2.3:h:amd:epyc_7343:-:::::::* cpe:2.3:o:amd:epyc_7713_firmware:::::::: cpe:2.3:h:amd:epyc_7763:-:::::::* cpe:2.3:o:amd:epyc_7313p_firmware:::::::: cpe:2.3:h:amd:epyc_7713p:-:::::::* cpe:2.3:h:amd:epyc_7252:-:::::::* cpe:2.3:o:amd:epyc_7413_firmware:::::::: cpe:2.3:h:amd:epyc_7662:-:::::::* cpe:2.3:h:amd:epyc_7232p:-:::::::* cpe:2.3:h:amd:epyc_7282:-:::::::* cpe:2.3:h:amd:epyc_7773x:-:::::::* cpe:2.3:h:amd:epyc_73f3:-:::::::* cpe:2.3:h:amd:epyc_7262:-:::::::* cpe:2.3:h:amd:epyc_7313p:-:::::::* cpe:2.3:o:amd:epyc_7502_firmware:::::::: cpe:2.3:o:amd:epyc_7552_firmware:::::::: cpe:2.3:o:amd:epyc_7002_firmware:::::::: cpe:2.3:h:amd:epyc_7452:-:::::::* cpe:2.3:o:amd:epyc_74f3_firmware:::::::: cpe:2.3:h:amd:epyc_7643:-:::::::* cpe:2.3:o:amd:epyc_7252_firmware:::::::: cpe:2.3:o:amd:epyc_7663_firmware:::::::: cpe:2.3:h:amd:epyc_74f3:-:::::::* cpe:2.3:h:amd:epyc_7402p:-:::::::* cpe:2.3:h:amd:epyc_7473x:-:::::::* cpe:2.3:h:amd:epyc_7f72:-:::::::* cpe:2.3:o:amd:epyc_7232p_firmware:::::::: cpe:2.3:h:amd:epyc_7642:-:::::::* cpe:2.3:h:amd:epyc_7402:-:::::::* cpe:2.3:o:amd:epyc_7313_firmware:::::::: cpe:2.3:o:amd:epyc_7453_firmware:::::::: cpe:2.3:h:amd:epyc_7373x:-:::::::* cpe:2.3:o:amd:epyc_7643_firmware:::::::: cpe:2.3:o:amd:epyc_7282_firmware:::::::: cpe:2.3:o:amd:epyc_7502p_firmware:::::::: cpe:2.3:o:amd:epyc_7702_firmware:::::::: cpe:2.3:h:amd:epyc_7453:-:::::::* cpe:2.3:h:amd:epyc_7513:-:::::::* cpe:2.3:o:amd:epyc_7702p_firmware:::::::: cpe:2.3:h:amd:epyc_7552:-:::::::* cpe:2.3:h:amd:epyc_7502:-:::::::* cpe:2.3:h:amd:epyc_7532:-:::::::* cpe:2.3:h:amd:epyc_7f32:-:::::::* cpe:2.3:o:amd:epyc_7473x_firmware:::::::: cpe:2.3:h:amd:epyc_72f3:-:::::::* cpe:2.3:o:amd:epyc_7573x_firmware:::::::: cpe:2.3:o:amd:epyc_7443p_firmware:::::::: cpe:2.3:o:amd:epyc_7f32_firmware:::::::: cpe:2.3:o:amd:epyc_7343_firmware:::::::: cpe:2.3:o:amd:epyc_7302p_firmware:::::::: cpe:2.3:h:amd:epyc_7542:-:::::::* cpe:2.3:o:amd:epyc_7443_firmware:::::::: cpe:2.3:h:amd:epyc_7663:-:::::::* cpe:2.3:o:amd:epyc_7543p_firmware:::::::: cpe:2.3:h:amd:epyc_7413:-:::::::* cpe:2.3:o:amd:epyc_7642_firmware:::::::: cpe:2.3:o:amd:epyc_7513_firmware:::::::: cpe:2.3:o:amd:epyc_7272_firmware:::::::: cpe:2.3:o:amd:epyc_7f52_firmware:::::::: cpe:2.3:h:amd:epyc_7f52:-:::::::* cpe:2.3:h:amd:epyc_7313:-:::::::* cpe:2.3:h:amd:epyc_7302p:-:::::::* cpe:2.3:o:amd:epyc_7h12_firmware:::::::: cpe:2.3:o:amd:epyc_7402_firmware:::::::: cpe:2.3:h:amd:epyc_7543:-:::::::* cpe:2.3:o:amd:epyc_73f3_firmware:::::::: cpe:2.3:h:amd:epyc_7702:-:::::::* cpe:2.3:o:amd:epyc_7662_firmware:::::::: cpe:2.3:o:amd:epyc_7543_firmware:::::::: cpe:2.3:h:amd:epyc_75f3:-:::::::*
CWE		CWE-367
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.7 v3 : 4.7

11 May 2022, 17:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-11 17:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-26347

Mitre link : CVE-2021-26347

CVE.ORG link : CVE-2021-26347

JSON object : View

Products Affected

amd

epyc_7402p
epyc_7742_firmware
epyc_7443p
epyc_7513_firmware
epyc_7713p
epyc_7773x_firmware
epyc_7352
epyc_7542_firmware
epyc_7573x
epyc_7402_firmware
epyc_7413_firmware
epyc_7453_firmware
epyc_7443
epyc_7f32
epyc_7763
epyc_7702_firmware
epyc_7543p
epyc_7452_firmware
epyc_7313p_firmware
epyc_75f3
epyc_7302p
epyc_7502p_firmware
epyc_7402
epyc_7f52
epyc_72f3
epyc_7502_firmware
epyc_7f72
epyc_7302_firmware
epyc_7513
epyc_7742
epyc_7713_firmware
epyc_7702p
epyc_7453
epyc_7f32_firmware
epyc_7502
epyc_7313p
epyc_7f72_firmware
epyc_73f3
epyc_7252_firmware
epyc_7763_firmware
epyc_74f3
epyc_7473x
epyc_7543
epyc_7643_firmware
epyc_7713p_firmware
epyc_7573x_firmware
epyc_7302p_firmware
epyc_7282
epyc_7443p_firmware
epyc_74f3_firmware
epyc_7002
epyc_7f52_firmware
epyc_7302
epyc_7502p
epyc_73f3_firmware
epyc_7643
epyc_7373x
epyc_7343_firmware
epyc_7443_firmware
epyc_7702p_firmware
epyc_7313_firmware
epyc_7552
epyc_7642
epyc_7702
epyc_7552_firmware
epyc_7252
epyc_7313
epyc_7662
epyc_75f3_firmware
epyc_7232p_firmware
epyc_7343
epyc_7532
epyc_7642_firmware
epyc_7232p
epyc_7262
epyc_7h12_firmware
epyc_7002_firmware
epyc_7543_firmware
epyc_7663_firmware
epyc_7h12
epyc_7452
epyc_7663
epyc_7532_firmware
epyc_72f3_firmware
epyc_7272_firmware
epyc_7352_firmware
epyc_7662_firmware
epyc_7262_firmware
epyc_7773x
epyc_7542
epyc_7272
epyc_7282_firmware
epyc_7713
epyc_7402p_firmware
epyc_7413
epyc_7473x_firmware
epyc_7373x_firmware
epyc_7543p_firmware

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

4.7 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.7 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-26347

4.7^/10

4.7^/10

Attach tags to `CVE-2021-26347`