CVE-2021-26346

moderate-risk

Published 2023-01-11

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Ryzen 3 3100 Firmware

Ryzen 3 3200G Firmware

Ryzen 3 3200U Firmware

Ryzen 3 3250C Firmware

Ryzen 3 3250U Firmware

Ryzen 3 3300G Firmware

Ryzen 3 3300U Firmware

Ryzen 3 3300X Firmware

Ryzen 3 3350U Firmware

Ryzen 3 3450U Firmware

Ryzen 3 3500C Firmware

Ryzen 3 3500U Firmware

Ryzen 3 3550H Firmware

Ryzen 3 3580U Firmware

Ryzen 3 3700C Firmware

Ryzen 3 3700U Firmware

Ryzen 3 3750H Firmware

Ryzen 3 3780U Firmware

Ryzen 3 5125C Firmware

Ryzen 3 5300G Firmware

Affected Vendors

Amd

References (2)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 30/34 · Critical