Potential Mapping of DRAM Regions in Protected Areas Could Lead to Loss of Platform Integrity
CVE-2021-26387

3.9LOW

Key Information:

Vendor

Amd
Status
Amd Epyc™ 7001 Series Processors
Amd Epyc™ 7002 Series Processors
Amd Epyc™ 7003 Series Processors
Amd Epyc™ 9004 Series Processors
Vendor
CVE Published:
13 August 2024

What is CVE-2021-26387?

An access control vulnerability within the ASP kernel of AMD products can be exploited by an attacker with privileged access. This scenario involves the attacker having access to AMD signing keys and the BIOS menu or UEFI shell. By leveraging this access, the attacker could potentially map DRAM regions in protected areas, which may compromise the integrity of the platform. It highlights a significant concern for users relying on AMD technologies who must ensure proper access controls are enforced to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4PI 1.0.0.9

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.E

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PollockPI-FT5 1.0.0.4

References

https://www.amd.com/en/resources/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.