CVE-2021-26315

Summary

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.

Affected Software

VendorProductVersion RangeStatus
AMD3rd Gen AMD EPYC™unspecified < MilanPI-SP3_1.0.0.4affected

Weaknesses

  • CWE-345: CWE-345 Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

References