Potential Mapping of DRAM Regions in Protected Areas Could Lead to Loss of Platform Integrity
CVE-2021-26387
3.9LOW
Key Information
- Vendor
- Amd
- Status
- Amd Epyc™ 7001 Series Processors
- Amd Epyc™ 7002 Series Processors
- Amd Epyc™ 7003 Series Processors
- Amd Epyc™ 9004 Series Processors
- Vendor
- CVE Published:
- 13 August 2024
Summary
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
Affected Version(s)
AMD EPYC™ 7001 Series Processors <= various
AMD EPYC™ 7002 Series Processors <= various
AMD EPYC™ 7003 Series Processors <= various
CVSS V3.1
Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database