CVE-2021-26344

moderate-risk

Published 2024-08-13

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

LOCAL / HIGH complexity

Affected Products (20)

Epyc 7203 Firmware

Epyc 7203P Firmware

Epyc 72F3 Firmware

Epyc 7303 Firmware

Epyc 7303P Firmware

Epyc 7313 Firmware

Epyc 7313P Firmware

Epyc 7343 Firmware

Epyc 73F3 Firmware

Epyc 7373X Firmware

Epyc 7413 Firmware

Epyc 7443 Firmware

Epyc 7443P Firmware

Epyc 74F3 Firmware

Epyc 7453 Firmware

Epyc 7473X Firmware

Epyc 7513 Firmware

Epyc 7543 Firmware

Epyc 7543P Firmware

Epyc 75F3 Firmware

Affected Vendors

Amd

References (1)

Vendor Advisory https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

/ 100

moderate-risk

Severity 19/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 28/34 · Critical