3.9
CVE-2021-26387
- EPSS 0.02%
- Veröffentlicht 13.08.2024 17:15:17
- Zuletzt bearbeitet 30.10.2024 18:35:00
- Quelle psirt@amd.com
- Teams Watchlist Login
- Unerledigt Login
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
≫
Produkt
AMD EPYC™ 7001 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD EPYC™ 7002 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD EPYC™ 9004 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 3000 Series Desktop Processors
Default Statusaffected
Version
ComboAM4PI 1.0.0.9
Status
unaffected
Version
ComboAM4 V2 PI 1.2.0.8
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 5000 Series Desktop Processors
Default Statusaffected
Version
ComboAM4 V2 PI 1.2.0.8
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
Default Statusaffected
Version
ComboAM4v2 PI 1.2.0.6
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 7000 Series Desktop Processors
Default Statusaffected
Version
ComboAM5 1.0.8.0
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
Default Statusaffected
Version
ComboAM4PI 1.0.0.9
Status
unaffected
Version
ComboAM4v2 PI 1.2.0.8
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
Default Statusaffected
Version
ComboAM4v2 PI 1.2.0.5
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Threadripper™ 3000 Series Processors
Default Statusaffected
Version
CastlePeakPI-SP3r3 1.0.0.7
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
Default Statusaffected
Version
ChagallWSPI-sWRX8 1.0.0.2
Status
unaffected
Version
CastlePeakWSPI-sWRX8 1.0.0.9
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Threadripper™ PRO 5000WX Processors
Default Statusaffected
Version
ChagallWSPI-sWRX8 1.0.0.2
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
PicassoPI-FP5 1.0.0.E
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
PollockPI-FT5 1.0.0.4
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
Default Statusaffected
Version
PicassoPI-FP5 1.0.0.E
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
RenoirPI-FP6 1.0.0.8
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
RembrandtPI-FP7 1.0.0.9b
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
RembrandtPI-FP7 1.0.0.9b
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version
CezannePI-FP6 1.0.0.9
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 3000 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 7002 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 7003 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 9003 Series Processors
Default Statusaffected
Version
various
Status
affected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Embedded R1000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP5 1.2.0.A
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Embedded R2000 Series Processors
Default Statusaffected
Version
EmbeddedR2KPI-FP5 1.0.0.2
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Embedded 5000 Series Processors
Default Statusaffected
Version
EmbAM4PI 1.0.0.2
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Embedded V1000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP5 1.2.0.A
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Embedded V2000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP6 1.0.0.6
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Ryzen™ Embedded V3000 Series Processors
Default Statusaffected
Version
EmbeddedPI-FP7r2 1.0.0.9
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.031 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@amd.com | 3.9 | 0.8 | 2.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.