CVE-2021-26345

1.9LOW

Key Information:

Vendor
Amd
Status
2nd Gen Amd Epyc™ Processors
3rd Gen Amd Epyc™ Processors
4th Gen Amd Epyc™ Processors
Amd Epyc™ Embedded 7002
Vendor
CVE Published:
14 November 2023

Summary

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

Affected Version(s)

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

4th Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:
1.9
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.