Potential Vulnerability in AMD PSP1 Configuration Block Could Allow Arbitrary Code Execution
CVE-2021-26344
7.2HIGH
Key Information
- Vendor
- Amd
- Status
- Amd Epyc™ 7001 Series Processors
- Amd Epyc™ 7002 Series Processors
- Amd Epyc™ 7003 Series Processors
- Amd Ryzen™ 3000 Series Desktop Processors
- Vendor
- CVE Published:
- 13 August 2024
Summary
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
Affected Version(s)
AMD EPYC™ 7001 Series Processors <= various
AMD EPYC™ 7002 Series Processors <= RomePI 1.0.0.C
AMD EPYC™ 7003 Series Processors <= MilanPI 1.0.0.5
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database