Strix
26.1K

CVE-2021-26346

MEDIUMCVSS 5.5/10EPSS 0.21%

Last modified

CVE-2021-26346 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.21%

11.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AmdRyzen 3 3100 FirmwareAll versions
AmdRyzen 3 3200g FirmwareAll versions
AmdRyzen 3 3200u FirmwareAll versions
AmdRyzen 3 3250c FirmwareAll versions
AmdRyzen 3 3250u FirmwareAll versions
AmdRyzen 3 3300g FirmwareAll versions
AmdRyzen 3 3300u FirmwareAll versions
AmdRyzen 3 3300x FirmwareAll versions
AmdRyzen 3 3350u FirmwareAll versions
AmdRyzen 3 3450u FirmwareAll versions
AmdRyzen 3 3500c FirmwareAll versions
AmdRyzen 3 3500u FirmwareAll versions
AmdRyzen 3 3550h FirmwareAll versions
AmdRyzen 3 3580u FirmwareAll versions
AmdRyzen 3 3700c FirmwareAll versions
AmdRyzen 3 3700u FirmwareAll versions
AmdRyzen 3 3750h FirmwareAll versions
AmdRyzen 3 3780u FirmwareAll versions
AmdRyzen 3 5125c FirmwareAll versions
AmdRyzen 3 5300g FirmwareAll versions
AmdRyzen 3 5300ge FirmwareAll versions
AmdRyzen 3 5300u FirmwareAll versions
AmdRyzen 3 5400u FirmwareAll versions
AmdRyzen 3 5425c FirmwareAll versions
AmdRyzen 3 5425u FirmwareAll versions
AmdRyzen 3 Pro 3200g FirmwareAll versions
AmdRyzen 3 Pro 3200ge FirmwareAll versions
AmdRyzen 3 Pro 3300u FirmwareAll versions
AmdRyzen 5 3400g FirmwareAll versions
AmdRyzen 5 3450g FirmwareAll versions
AmdRyzen 5 3450u FirmwareAll versions
AmdRyzen 5 3500 FirmwareAll versions
AmdRyzen 5 3500c FirmwareAll versions
AmdRyzen 5 3500u FirmwareAll versions
AmdRyzen 5 3500x FirmwareAll versions
AmdRyzen 5 3550h FirmwareAll versions
AmdRyzen 5 3580u FirmwareAll versions
AmdRyzen 5 3600 FirmwareAll versions
AmdRyzen 5 3600x FirmwareAll versions
AmdRyzen 5 3600xt FirmwareAll versions
AmdRyzen 5 5500 FirmwareAll versions
AmdRyzen 5 5500u FirmwareAll versions
AmdRyzen 5 5560u FirmwareAll versions
AmdRyzen 5 5600 FirmwareAll versions
AmdRyzen 5 5600g FirmwareAll versions
AmdRyzen 5 5600ge FirmwareAll versions
AmdRyzen 5 5600h FirmwareAll versions
AmdRyzen 5 5600hs FirmwareAll versions
AmdRyzen 5 5600u FirmwareAll versions
AmdRyzen 5 5600x FirmwareAll versions

Showing 50 of 104 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-26346?
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
How severe is CVE-2021-26346?
CVE-2021-26346 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.
How do I fix CVE-2021-26346?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-26346?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST