Integer Overflow Vulnerability in AMD System Management Unit
CVE-2021-26329

5.5MEDIUM

Key Information:

Vendor: Amd
Status: 1st Gen Amd Epyc™; 2nd Gen Amd Epyc™; 3rd Gen Amd Epyc™
Vendor: CVE Published:; 16 November 2021

Summary

The AMD System Management Unit (SMU) is susceptible to an integer overflow error when an invalid length is supplied. This flaw may lead to resource exhaustion, posing potential risks to system stability and security. It underscores the importance of validating input parameters to prevent such vulnerabilities from being exploited.

Affected Version(s)

1st Gen AMD EPYC™ < unspecified

2nd Gen AMD EPYC™ < unspecified

3rd Gen AMD EPYC™ < unspecified

References

https://www.amd.com/en/corporate/product-security/bulleti...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2021
Vulnerability Reserved
Jan 29, 2021