CVE-2021-26356

7.4HIGH

Key Information

Vendor: Amd
Status: Ryzen™ 3000 Series Desktop Processors “matisse” Am4; Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4; 3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt; Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws
Vendor: CVE Published:; 9 May 2023

Summary

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.

Affected Version(s)

Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 = various

AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 = various

3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT = various

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 9, 2023
Vulnerability Reserved.
Jan 29, 2021

Collectors

NVD DatabaseMitre Database