Out-of-Bounds Memory Read Vulnerability in AMD Processors
CVE-2021-26345

1.9LOW

Key Information:

Vendor: Amd
Status: 2nd Gen Amd Epyc™ Processors; 3rd Gen Amd Epyc™ Processors; 4th Gen Amd Epyc™ Processors; Amd Epyc™ Embedded 7002
Vendor: CVE Published:; 14 November 2023

What is CVE-2021-26345?

A vulnerability exists in AMD processors due to improper validation of the APCB token value. This flaw allows a privileged attacker to manipulate the APCB token, potentially leading to an out-of-bounds memory read. Exploitation of this vulnerability may result in a denial of service, interrupting the functionality of affected systems. Users are advised to apply patches and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

4th Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:

1.9

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jan 29, 2021

Amd

What is CVE-2021-26345?

Affected Version(s)

References

CVSS V3.1

Timeline