Lucene search

Redhat.comRH:CVE-2021-26346

HistoryJan 25, 2023 - 12:05 p.m.

CVE-2021-26346

2023-01-2512:05:35

redhat.com

access.redhat.com

amd

secure processor

integer overflow

spi flash

denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.7%

JSON

A flaw was found in hw. Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash, resulting in a potential denial of service.

Mitigation

Please contact AMD for more updates on this flaw.

References

bugzilla.redhat.com/show_bug.cgi?id=2164372

nvd.nist.gov/vuln/detail/CVE-2021-26346

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031

www.cve.org/CVERecord?id=CVE-2021-26346

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

12.7%

JSON

Related for RH:CVE-2021-26346