3.9
CVE-2021-26387
- EPSS 0.02%
- Published 13.08.2024 17:15:17
- Last modified 30.10.2024 18:35:00
- Source psirt@amd.com
- Teams watchlist Login
- Open Login
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorAMD
≫
Product
AMD EPYC™ 7001 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD EPYC™ 7002 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD EPYC™ 9004 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD Ryzen™ 3000 Series Desktop Processors
Default Statusaffected
Version
ComboAM4PI 1.0.0.9
Status
unaffected
Version
ComboAM4 V2 PI 1.2.0.8
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 5000 Series Desktop Processors
Default Statusaffected
Version
ComboAM4 V2 PI 1.2.0.8
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
Default Statusaffected
Version
ComboAM4v2 PI 1.2.0.6
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 7000 Series Desktop Processors
Default Statusaffected
Version
ComboAM5 1.0.8.0
Status
unaffected
VendorAMD
≫
Product
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
Default Statusaffected
Version
ComboAM4PI 1.0.0.9
Status
unaffected
Version
ComboAM4v2 PI 1.2.0.8
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
Default Statusaffected
Version
ComboAM4v2 PI 1.2.0.5
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Threadripper™ 3000 Series Processors
Default Statusaffected
Version
CastlePeakPI-SP3r3 1.0.0.7
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
Default Statusaffected
Version
ChagallWSPI-sWRX8 1.0.0.2
Status
unaffected
Version
CastlePeakWSPI-sWRX8 1.0.0.9
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Threadripper™ PRO 5000WX Processors
Default Statusaffected
Version
ChagallWSPI-sWRX8 1.0.0.2
Status
unaffected
VendorAMD
≫
Product
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
PicassoPI-FP5 1.0.0.E
Status
unaffected
VendorAMD
≫
Product
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
PollockPI-FT5 1.0.0.4
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
Default Statusaffected
Version
PicassoPI-FP5 1.0.0.E
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
RenoirPI-FP6 1.0.0.8
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
RembrandtPI-FP7 1.0.0.9b
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
RembrandtPI-FP7 1.0.0.9b
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
VendorAMD
≫
Product
AMD EPYC™ Embedded 3000 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD EPYC™ Embedded 7002 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD EPYC™ Embedded 7003 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD EPYC™ Embedded 9003 Series Processors
Default Statusaffected
Version
various
Status
affected
VendorAMD
≫
Product
AMD Ryzen™ Embedded R1000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP5 1.2.0.A
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Embedded R2000 Series Processors
Default Statusaffected
Version
EmbeddedR2KPI-FP5 1.0.0.2
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Embedded 5000 Series Processors
Default Statusaffected
Version
EmbAM4PI 1.0.0.2
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Embedded V1000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP5 1.2.0.A
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Embedded V2000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP6 1.0.0.6
Status
unaffected
VendorAMD
≫
Product
AMD Ryzen™ Embedded V3000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP7r2 1.0.0.9
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.031 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@amd.com | 3.9 | 0.8 | 2.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.