Potential Vulnerability in AMD PSP1 Configuration Block Could Allow Arbitrary Code Execution

CVE-2021-26344

7.2HIGH

Key Information

Vendor: Amd
Status: Amd Epyc™ 7001 Series Processors; Amd Epyc™ 7002 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Ryzen™ 3000 Series Desktop Processors
Vendor: CVE Published:; 13 August 2024

Summary

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

Affected Version(s)

AMD EPYC™ 7001 Series Processors <= various

AMD EPYC™ 7002 Series Processors <= RomePI 1.0.0.C

AMD EPYC™ 7003 Series Processors <= MilanPI 1.0.0.5

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Jan 29, 2021

Collectors

NVD DatabaseMitre Database