CVE-2021-26365

high-risk

Published 2023-05-09

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

Affected Products (20)

Ryzen 5 2400G Firmware

Ryzen 5 2400Ge Firmware

Ryzen 3 2200Ge Firmware

Ryzen 3 2200G Firmware

Ryzen 3 Pro 2100Ge Firmware

Ryzen 9 5900X Firmware

Ryzen 9 5950X Firmware

Ryzen 9 5900 Firmware

Ryzen 7 5800 Firmware

Ryzen 7 5800X Firmware

Ryzen 7 5800X3D Firmware

Ryzen 7 5700X Firmware

Ryzen 5 5600 Firmware

Ryzen 5 5600X Firmware

Ryzen 5 5500 Firmware

Ryzen 3 3200U Firmware

Ryzen 3 3250C Firmware

Ryzen 3 3250U Firmware

Amd 3015E Firmware

Amd 3015Ce Firmware

Affected Vendors

Amd

References (2)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

/ 100

high-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 26/34 · High