CVE-2021-26343

EPSS 0.04%
Published 11.01.2023 08:15:10
Last modified 09.04.2025 14:15:22
Source psirt@amd.com
Teams watchlist Login
Open Login

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Amd ≫ Epyc 7003 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7003 Version-

Amd ≫ Epyc 72f3 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 72f3 Version-

Amd ≫ Epyc 7313 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7313 Version-

Amd ≫ Epyc 7313p Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7313p Version-

Amd ≫ Epyc 7343 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7343 Version-

Amd ≫ Epyc 7373x Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7373x Version-

Amd ≫ Epyc 73f3 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 73f3 Version-

Amd ≫ Epyc 7413 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7413 Version-

Amd ≫ Epyc 7443 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7443 Version-

Amd ≫ Epyc 7443p Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7443p Version-

Amd ≫ Epyc 7453 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7453 Version-

Amd ≫ Epyc 74f3 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 74f3 Version-

Amd ≫ Epyc 7513 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7513 Version-

Amd ≫ Epyc 7543 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7543 Version-

Amd ≫ Epyc 7543p Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7543p Version-

Amd ≫ Epyc 7573x Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7573x Version-

Amd ≫ Epyc 75f3 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 75f3 Version-

Amd ≫ Epyc 7643 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7643 Version-

Amd ≫ Epyc 7663 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7663 Version-

Amd ≫ Epyc 7713 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7713 Version-

Amd ≫ Epyc 7713p Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7713p Version-

Amd ≫ Epyc 7743 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7743 Version-

Amd ≫ Epyc 7763 Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7763 Version-

Amd ≫ Epyc 7773x Firmware Version < milanpi_1.0.0.3

Amd ≫ Epyc 7773x Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.132

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-26343

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26343

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26343

EUVD