Information Disclosure in AMD Bootloader due to Malicious Applications
CVE-2021-26371

5.5MEDIUM

Key Information:

Vendor

Amd
Status
Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4
Ryzen™ 3000 Series Desktop Processors “matisse” Am4
Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4
3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt
Vendor
CVE Published:
9 May 2023

What is CVE-2021-26371?

A vulnerability exists in the AMD bootloader, where a compromised or malicious ABL (Application Boot Loader) or UApp (User Application) can exploit the system by sending a SHA256 system call to the bootloader. This improper handling may expose sensitive ASP (Application State Protocol) memory to userspace, potentially allowing unauthorized users to access confidential information stored within the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

1st Gen AMD EPYC™ Processors x86 various

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.