CVE-2021-26365

8.2HIGH

Key Information

Vendor: Amd
Status: Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4; Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne” Am4; Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp; Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “pollock”
Vendor: CVE Published:; 9 May 2023

Summary

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Affected Version(s)

Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 = various

Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 = various

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP = various

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 9, 2023
Vulnerability Reserved.
Jan 29, 2021

Collectors

NVD DatabaseMitre Database