Buffer Validation Flaw in AMD BIOS Enables Potential Code Execution
CVE-2021-26316

7.8HIGH

Key Information:

Vendor: Amd
Status: Ryzen 5000 Series; Ryzen 2000 Series; Ryzen 3000 Series; 1st Gen Epyc
Vendor: CVE Published:; 11 January 2023

Summary

A vulnerability exists in the BIOS of AMD products due to improper validation of the communication buffer and service. This oversight could allow attackers to exploit the buffer, potentially leading to arbitrary code execution in the System Management Mode (SMM). This type of vulnerability poses significant risks as it operates at a high privilege level within the BIOS, enabling unauthorized access and control over the system.

Affected Version(s)

1st Gen EPYC x86 various

2nd Gen EPYC x86 Various

3rd Gen EPYC x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2023
Vulnerability Reserved
Jan 29, 2021

Collectors

NVD DatabaseMitre Database