CVE-2021-26370

CVE-2021-26370

Vendor Amd

Product 2nd Gen AMD EPYC™

Weakness CWE-20 · Input validation

Published May 10, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.

Key dates

02Disclosure timeline

May 10, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-26370

Related vulnerabilities

Identifiers

CVE CVE-2021-26370

CWE CWE-20

Affected versions

Vendor Amd

Product 2nd Gen AMD EPYC™

Affected ≥ unspecified and < RomePI-SP3_1.0.0.C

Vendor Amd

Product 3rd Gen AMD EPYC™

Affected ≥ unspecified and < MilanPI-SP3_1.0.0.4

01Description

02Disclosure timeline

03References

04Related CVE