Potential Vulnerability in AMD PSP1 Configuration Block Could Allow Arbitrary Code Execution
CVE-2021-26344

8.2HIGH

Key Information:

Vendor
Amd
Status
Amd Epyc™ 7001 Series Processors
Amd Epyc™ 7002 Series Processors
Amd Epyc™ 7003 Series Processors
Amd Ryzen™ 3000 Series Desktop Processors
Vendor
CVE Published:
13 August 2024

Summary

An out of bounds memory write vulnerability occurs when processing the AMD PSP1 Configuration Block (APCB), which could enable an attacker with necessary access to alter the BIOS image. This flaw could potentially be exploited to modify the APCB block, allowing for arbitrary code execution. Attackers capable of signing the modified BIOS images could leverage this vulnerability, potentially leading to severe security implications.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

References

https://www.amd.com/en/resources/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.