Insufficient Bounds Checking in AMD ASP Products
CVE-2021-26354

5.5MEDIUM

Key Information:

Vendor: Amd
Status: Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4; Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”; Ryzen™ 3000 Series Desktop Processors “matisse” Am4; Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4
Vendor: CVE Published:; 9 May 2023

What is CVE-2021-26354?

A vulnerability exists in AMD's ASP due to insufficient bounds checking. This flaw may allow an attacker to execute system calls from a compromised ABL, leading to the potential initialization of arbitrary memory values to zero. Such actions could ultimately result in significant integrity issues within affected systems, highlighting the need for immediate security updates to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

2nd Gen AMD EPYC™ Processors x86 various

2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” x86 various

3rd Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Jan 29, 2021

JSON

Amd

What is CVE-2021-26354?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.