CVE-2021-26316
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | Ryzen 5000 Series | various | affected |
| AMD | Ryzen 2000 Series | various | affected |
| AMD | Ryzen 3000 Series | various | affected |
| AMD | 1st Gen EPYC | various | affected |
| AMD | 2nd Gen EPYC | Various | affected |
| AMD | 3rd Gen EPYC | various | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.