CVE-2021-26345

Description

Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

AMD / 2nd Gen AMD EPYC™ Processorsvarious – various
AMD / 3rd Gen AMD EPYC™ Processorsvarious – various
AMD / 4th Gen AMD EPYC™ Processorsvarious – various
AMD / AMD EPYC™ Embedded 7002various – various
AMD / AMD EPYC™ Embedded 7003various – various

References

MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001