CVE-2021-26365

Severity: HIGH | CVSS 8.2/10 | EPSS 0.57%

Last modified

CVE-2021-26365 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. Certain size values in firmware binary headers could trigger out-of-bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. EPSS estimates a 0.57% chance of exploitation in the next 30 days.

Description

Certain size values in firmware binary headers could trigger out-of-bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Metrics

CVSS 3.1
8.2/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Probability
0.57%

42.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product                        | Versions
Amd    | Ryzen 5 2400g Firmware         | All versions
Amd    | Ryzen 5 2400ge Firmware        | All versions
Amd    | Ryzen 3 2200ge Firmware        | All versions
Amd    | Ryzen 3 2200g Firmware         | All versions
Amd    | Ryzen 3 Pro 2100ge Firmware    | All versions
Amd    | Ryzen 9 5900x Firmware         | All versions
Amd    | Ryzen 9 5950x Firmware         | All versions
Amd    | Ryzen 9 5900 Firmware          | All versions
Amd    | Ryzen 7 5800 Firmware          | All versions
Amd    | Ryzen 7 5800x Firmware         | All versions
Amd    | Ryzen 7 5800x3d Firmware       | All versions
Amd    | Ryzen 7 5700x Firmware         | All versions
Amd    | Ryzen 5 5600 Firmware          | All versions
Amd    | Ryzen 5 5600x Firmware         | All versions
Amd    | Ryzen 5 5500 Firmware          | All versions
Amd    | Ryzen 3 3200u Firmware         | < picassopi-fp5_1.0.0.d
Amd    | Ryzen 3 3250c Firmware         | < picassopi-fp5_1.0.0.d
Amd    | Ryzen 3 3250u Firmware         | < picassopi-fp5_1.0.0.d
Amd    | Amd 3015e Firmware             | < pollockpi-ft5_1.0.0.3
Amd    | Amd 3015ce Firmware            | < pollockpi-ft5_1.0.0.3
Amd    | Ryzen 7 2800h Firmware         | All versions
Amd    | Ryzen 7 2700u Firmware         | All versions
Amd    | Ryzen 5 2600h Firmware         | All versions
Amd    | Ryzen 5 2500u Firmware         | All versions
Amd    | Ryzen 3 2300u Firmware         | All versions
Amd    | Ryzen 3 2200u Firmware         | All versions
Amd    | Ryzen 5 3400g Firmware         | All versions
Amd    | Ryzen 5 Pro 3400g Firmware     | All versions
Amd    | Ryzen 5 Pro 3400ge Firmware    | All versions
Amd    | Ryzen 5 Pro 3350g Firmware     | All versions
Amd    | Ryzen 5 Pro 3350ge Firmware    | All versions
Amd    | Ryzen 3 Pro 3200g Firmware     | All versions
Amd    | Ryzen 3 3200g Firmware         | All versions
Amd    | Ryzen 3 3200ge Firmware        | All versions
Amd    | Ryzen 3 Pro 3200ge Firmware    | All versions
Amd    | Ryzen 7 5700u Firmware         | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 5 5500u Firmware         | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 3 5300u Firmware         | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 7 5700g Firmware         | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 7 5700ge Firmware        | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 5 5600g Firmware         | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 5 5600ge Firmware        | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 3 5300g Firmware         | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 3 5300ge Firmware        | < cezannepi-fp6_1.0.0.8
Amd    | Ryzen 9 6980hx Firmware        | < rmb_1.0.0.4
Amd    | Ryzen 9 6980hs Firmware        | < rmb_1.0.0.4
Amd    | Ryzen 9 6900hx Firmware        | < rmb_1.0.0.4
Amd    | Ryzen 9 6900hs Firmware        | < rmb_1.0.0.4
Amd    | Ryzen 7 6800h Firmware         | < rmb_1.0.0.4
Amd    | Ryzen 7 6800hs Firmware        | < rmb_1.0.0.4

Showing 50 of 54 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-26365?
Certain size values in firmware binary headers could trigger out-of-bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.
How severe is CVE-2021-26365?
CVE-2021-26365 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 0.57% probability of exploitation in the next 30 days.
How do I fix CVE-2021-26365?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST