cve-2021-26397
Vulnerability from cvelistv5
Published
2023-05-09 18:36
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Insufficient address validation, may allow an
attacker with a compromised ABL and UApp to corrupt sensitive memory locations
potentially resulting in a loss of integrity or availability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | 3rd Gen AMD EPYC™ |
Version: various |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient address validation, may allow an\nattacker with a compromised ABL and UApp to corrupt sensitive memory locations\npotentially resulting in a loss of integrity or availability.\n\n\n\n\n\n\n\n" } ], "value": "Insufficient address validation, may allow an\nattacker with a compromised ABL and UApp to corrupt sensitive memory locations\npotentially resulting in a loss of integrity or availability.\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:51:10.456Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26397", "datePublished": "2023-05-09T18:36:19.135Z", "dateReserved": "2021-01-29T21:24:26.165Z", "dateUpdated": "2024-08-03T20:26:25.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-26397\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2023-05-09T19:15:10.903\",\"lastModified\":\"2024-11-21T05:56:17.807\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient address validation, may allow an\\nattacker with a compromised ABL and UApp to corrupt sensitive memory locations\\npotentially resulting in a loss of integrity or availability.\\n\\n\\n\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"263AB8A4-3F7B-438F-808D-742FCCA4C51C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F98FF1A-3A2B-4CED-AEA2-9C4F2AC2D8C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"71C28200-421A-4CAB-9D6A-D05C9F56A4FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02B61B7-7DD3-4164-8D32-EB961E981BC9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"425EC5D5-CF0C-416F-91DA-0BC6EF24237A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9000686A-DC2B-4561-9C32-E90890EB2EBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"F821EFAC-1FDA-433E-880B-3B5E165708BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71B9C24B-2C10-4826-A91B-E1C60665FBBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"C9DC9C16-E1C3-4A45-ADF6-17F0A763CB41\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180B3002-B3C5-48B5-8322-5B64B237C5B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"5804A608-E90A-4EA3-9FE3-48B839B250F0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"678C5F58-8AE9-46FF-8F01-4CF394C87A2C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"1FC3377B-6BE5-4044-9FBB-73CD0BF511F3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1766FF1-77A9-4293-B826-F6A8FBD7AFBF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"6A788DBB-D426-4200-BFF6-85DB621D0081\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C474537-3006-41BA-8C3D-5C370E3ACECD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"0BC50066-6F94-4D7C-A13F-D2AC82D0F78D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2B13CA-72F4-4CF6-9E12-62E6E9056A14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"1B07E5CE-AF11-4604-AA3D-389A93BA4A04\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"241E39FF-FE66-444C-A4C2-3D28C45341BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"AE405A6E-591B-4071-A85A-CA0E58A20C5B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07E922F-C1AB-469C-A1C1-9F9E58332DFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"9208F862-3ECD-43F6-932F-3B12BAB90A3B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02D08121-DC57-47D7-8214-23A209F0AF08\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"DF7B3F45-D6F0-4C1A-B119-8BA44721DD29\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8264DF4-47B4-4716-AE89-44AFA870D385\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"5810391D-A9D5-4143-88C3-768FC209DEB5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52544912-FAA3-4025-A5FD-151B21CEC53B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"2CD06657-B191-42D9-A617-253116A94214\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A0A47B-74A1-4731-92A8-BC10FFE58ECF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"0DD1876D-FA52-416F-AE70-46501E485BDE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"237FB33B-BF08-4E3E-8E83-EB0AD2F12A4B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"6D11F267-D5DF-46A8-8835-8D204A8090E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBF0AFED-588A-4EFB-8C90-9280BC3A6720\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"7940013E-9F28-463B-AE85-CD1D9C191322\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98E1D79D-0CB0-4FD9-8A82-27CDFBFE07B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"3F17D48A-00D1-45C1-9235-9889561E5A5E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DFCB62-6CDF-4AD2-9265-1887E5780CA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"420022FB-EF46-4D78-B9A3-C21F16895F1B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D698D3E-BB05-4C65-90F4-8DAE275CD6A4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"6E3F2ADB-9CBA-4F23-BB30-26D7DD096EC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2299ED50-B4D2-4BB3-AD87-56D552B84AE1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"E0EB4211-6B22-4B04-93EC-BAE8E0515548\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F900BDD-F094-41A6-9A23-31F53DBA95D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi_1.0.0.9\",\"matchCriteriaId\":\"3490F5BE-9886-4596-B79C-C79B70822C6D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D02B1C69-BAA4-485B-BE22-46BE321F9E4E\"}]}]}],\"references\":[{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001\",\"source\":\"psirt@amd.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.