CVE-2021-26352

Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:ryzen_5_2600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_2600:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:ryzen_5_2600x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_2600x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:ryzen_5_2700x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_2700x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:ryzen_5_2700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_2700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_3600:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_3600x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_7_3700x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_7_3800x:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_9_3900x:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_9_3950x:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_9_5950x:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_9_5900x:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_7_5800x:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:ryzen_3_5300ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_2970wx:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_2950x:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_2920x:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_3970x:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*

History

25 May 2022, 17:42

Type	Values Removed	Values Added
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.9 v3 : 5.5
CPE		cpe:2.3:h:amd:ryzen_9_5950x:-:::::::* cpe:2.3:h:amd:ryzen_5_2600:-:::::::* cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_9_3900x:-:::::::* cpe:2.3:o:amd:ryzen_5_2700_firmware:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:::::::* cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_2970wx:-:::::::* cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_7_5800x:-:::::::* cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:::::::* cpe:2.3:h:amd:ryzen_5_5600g:-:::::::* cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_7_5700g:-:::::::* cpe:2.3:h:amd:ryzen_9_3950x:-:::::::* cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:::::::* cpe:2.3:o:amd:ryzen_5_3600_firmware:-:::::::* cpe:2.3:h:amd:ryzen_5_3600:-:::::::* cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_7_5700ge:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_3970x:-:::::::* cpe:2.3:h:amd:ryzen_7_3800x:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_3_5300ge:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_2920x:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:::::::* cpe:2.3:o:amd:ryzen_3_5300ge_firmware:-:::::::* cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:::::::* cpe:2.3:h:amd:ryzen_5_3600x:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:::::::* cpe:2.3:h:amd:ryzen_9_5900x:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:::::::* cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:::::::* cpe:2.3:h:amd:ryzen_threadripper_2950x:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:::::::* cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:::::::* cpe:2.3:h:amd:ryzen_5_2700:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_5_5600ge:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:::::::* cpe:2.3:h:amd:ryzen_5_2600x:-:::::::* cpe:2.3:o:amd:ryzen_5_2600_firmware:-:::::::* cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_5_2700x:-:::::::* cpe:2.3:o:amd:ryzen_5_2700x_firmware:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:-:::::::* cpe:2.3:h:amd:ryzen_7_3700x:-:::::::* cpe:2.3:h:amd:ryzen_5_5600x:-:::::::* cpe:2.3:o:amd:ryzen_5_2600x_firmware:-:::::::* cpe:2.3:h:amd:ryzen_3_5300g:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:::::::* cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:::::::* cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:::::::* cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:-:::::::* cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:::::::*
CWE		CWE-119

12 May 2022, 18:16

Type	Values Removed	Values Added
References	~~{'url': 'https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021', 'name': 'https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021', 'tags': [], 'refsource': 'MISC'}~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 -

10 May 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-10 19:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-26352

Mitre link : CVE-2021-26352

CVE.ORG link : CVE-2021-26352

JSON object : View

Products Affected

amd

ryzen_threadripper_2920x
ryzen_threadripper_3970x
ryzen_threadripper_pro_5955wx
ryzen_5_5600x_firmware
ryzen_5_2700
ryzen_threadripper_pro_5995wx
ryzen_7_5700g
ryzen_9_5950x
ryzen_5_3600x_firmware
ryzen_7_3800x
ryzen_7_5800x
ryzen_5_5600g
ryzen_5_2700x_firmware
ryzen_7_3800x_firmware
ryzen_9_3900x_firmware
ryzen_5_5600ge
ryzen_5_3600
ryzen_threadripper_2920x_firmware
ryzen_threadripper_pro_5995wx_firmware
ryzen_threadripper_pro_5965wx_firmware
ryzen_7_5800x_firmware
ryzen_5_2600x
ryzen_threadripper_2950x
ryzen_9_3900x
ryzen_threadripper_2970wx
ryzen_7_3700x
ryzen_9_5950x_firmware
ryzen_5_2600x_firmware
ryzen_3_5300ge
ryzen_7_5700g_firmware
ryzen_5_5600g_firmware
ryzen_threadripper_pro_5945wx
ryzen_threadripper_pro_5975wx
ryzen_threadripper_2950x_firmware
ryzen_3_5300g_firmware
ryzen_threadripper_pro_5975wx_firmware
ryzen_5_5600x
ryzen_5_2700x
ryzen_threadripper_2990wx
ryzen_threadripper_pro_5945wx_firmware
ryzen_3_5300ge_firmware
ryzen_5_5600ge_firmware
ryzen_5_2700_firmware
ryzen_threadripper_2990wx_firmware
ryzen_9_3950x
ryzen_9_5900x
ryzen_threadripper_pro_5955wx_firmware
ryzen_7_3700x_firmware
ryzen_9_5900x_firmware
ryzen_3_5300g
ryzen_5_2600_firmware
ryzen_threadripper_2970wx_firmware
ryzen_7_5700ge
ryzen_threadripper_pro_5965wx
ryzen_7_5700ge_firmware
ryzen_5_3600_firmware
ryzen_5_2600
ryzen_9_3950x_firmware
ryzen_5_3600x
ryzen_threadripper_3970x_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-26352

5.5^/10

4.9^/10

Attach tags to `CVE-2021-26352`