Potential Mapping of DRAM Regions in Protected Areas Could Lead to Loss of Platform Integrity

CVE-2021-26387

3.9LOW

Key Information

Vendor: Amd
Status: Amd Epyc™ 7001 Series Processors; Amd Epyc™ 7002 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Epyc™ 9004 Series Processors
Vendor: CVE Published:; 13 August 2024

Summary

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.

Affected Version(s)

AMD EPYC™ 7001 Series Processors <= various

AMD EPYC™ 7002 Series Processors <= various

AMD EPYC™ 7003 Series Processors <= various

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Jan 29, 2021

Collectors

NVD DatabaseMitre Database