Lucene search

[email protected]CVE-2021-26388

HistoryMay 11, 2022 - 5:15 p.m.

CVE-2021-26388

2022-05-1117:15:00

CWE-125

[email protected]

web.nvd.nist.gov

cve-2021-26388

bios directory

validation

ram

out of bounds

denial of service

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

12.3%

JSON

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

CPENameOperatorVersion
amd:epyc_7232p_firmwareamd epyc 7232p firmwareltromepi-sp3_1.0.0.d
amd:epyc_7302p_firmwareamd epyc 7302p firmwareltromepi-sp3_1.0.0.d
amd:epyc_7402p_firmwareamd epyc 7402p firmwareltromepi-sp3_1.0.0.d
amd:epyc_7502p_firmwareamd epyc 7502p firmwareltromepi-sp3_1.0.0.d
amd:epyc_7702p_firmwareamd epyc 7702p firmwareltromepi-sp3_1.0.0.d
amd:epyc_7252_firmwareamd epyc 7252 firmwareltromepi-sp3_1.0.0.d
amd:epyc_7262_firmwareamd epyc 7262 firmwareltromepi-sp3_1.0.0.d
amd:epyc_7272_firmwareamd epyc 7272 firmwareltromepi-sp3_1.0.0.d
amd:epyc_7282_firmwareamd epyc 7282 firmwareltromepi-sp3_1.0.0.d
amd:epyc_7302_firmwareamd epyc 7302 firmwareltromepi-sp3_1.0.0.d

CPE	Name	Operator	Version
amd:epyc_7232p_firmware	amd epyc 7232p firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7302p_firmware	amd epyc 7302p firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7402p_firmware	amd epyc 7402p firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7502p_firmware	amd epyc 7502p firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7702p_firmware	amd epyc 7702p firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7252_firmware	amd epyc 7252 firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7262_firmware	amd epyc 7262 firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7272_firmware	amd epyc 7272 firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7282_firmware	amd epyc 7282 firmware	lt	romepi-sp3_1.0.0.d
amd:epyc_7302_firmware	amd epyc 7302 firmware	lt	romepi-sp3_1.0.0.d

Rows per page:

1-10 of 1541

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

12.3%

JSON

Related for CVE-2021-26388

cnvd1 prion1 cvelist1 openvas7 amd2 hp1