CVE-2021-26356
7.4 HIGH
Key Information
- Vendor
- AMD
- Status
- Ryzen™ 3000 Series Desktop Processors “Matisse” AM4
- AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4
- 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT
- Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS
- Vendor
- CVE Published: 9 May 2023
Summary
A time-of-check to time-of-use (TOCTOU) issue in the ASP bootloader may allow an attacker to tamper with the SPI ROM after its data has been read into memory, potentially resulting in S3 data corruption and information disclosure.
Affected Version(s)
Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 = various
AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 = various
3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT = various
CVSS V3.1
Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, MITRE Database