Strix
26.1K

CVE-2021-26351

MEDIUMCVSS 5.5/10EPSS 0.20%

Last modified

CVE-2021-26351 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.20%

10.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AmdRyzen 3 3100 FirmwareAll versions
AmdRyzen 3 3300g FirmwareAll versions
AmdRyzen 3 3300x FirmwareAll versions
AmdRyzen 3 5125c FirmwareAll versions
AmdRyzen 3 5400u FirmwareAll versions
AmdRyzen 3 5425c FirmwareAll versions
AmdRyzen 3 5425u FirmwareAll versions
AmdRyzen 5 3400g FirmwareAll versions
AmdRyzen 5 3450g FirmwareAll versions
AmdRyzen 5 3600 FirmwareAll versions
AmdRyzen 5 3600x FirmwareAll versions
AmdRyzen 5 5560u FirmwareAll versions
AmdRyzen 5 5600h FirmwareAll versions
AmdRyzen 5 5600hs FirmwareAll versions
AmdRyzen 5 5600u FirmwareAll versions
AmdRyzen 5 5600x FirmwareAll versions
AmdRyzen 5 5625c FirmwareAll versions
AmdRyzen 5 5625u FirmwareAll versions
AmdRyzen 5 5700g FirmwareAll versions
AmdRyzen 5 5700ge FirmwareAll versions
AmdRyzen 7 3700x FirmwareAll versions
AmdRyzen 7 3800x FirmwareAll versions
AmdRyzen 7 5800h FirmwareAll versions
AmdRyzen 7 5800hs FirmwareAll versions
AmdRyzen 7 5800u FirmwareAll versions
AmdRyzen 7 5825c FirmwareAll versions
AmdRyzen 7 5825u FirmwareAll versions
AmdRyzen 9 3900x FirmwareAll versions
AmdRyzen 9 3950x FirmwareAll versions
AmdRyzen 9 5900hs FirmwareAll versions
AmdRyzen 9 5900hx FirmwareAll versions
AmdRyzen 9 5980hs FirmwareAll versions
AmdRyzen 9 5980hx FirmwareAll versions
AmdRyzen Threadripper 2920x FirmwareAll versions
AmdRyzen Threadripper 2950x FirmwareAll versions
AmdRyzen Threadripper 2970wx FirmwareAll versions
AmdRyzen Threadripper 2990wx FirmwareAll versions
AmdRyzen Threadripper 3960x FirmwareAll versions
AmdRyzen Threadripper 3970x FirmwareAll versions
AmdRyzen Threadripper 3990x FirmwareAll versions
AmdRyzen Threadripper Pro 3945wx FirmwareAll versions
AmdRyzen Threadripper Pro 3955wx FirmwareAll versions
AmdRyzen Threadripper Pro 3975wx FirmwareAll versions
AmdRyzen Threadripper Pro 3995wx FirmwareAll versions
AmdRyzen Threadripper Pro 5945wx FirmwareAll versions
AmdRyzen Threadripper Pro 5955wx FirmwareAll versions
AmdRyzen Threadripper Pro 5965wx FirmwareAll versions
AmdRyzen Threadripper Pro 5975wx FirmwareAll versions
AmdRyzen Threadripper Pro 5995wx FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-26351?
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
How severe is CVE-2021-26351?
CVE-2021-26351 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2021-26351?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-26351?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST