CVE-2021-26344

Summary

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7001 Series Processorsvariousaffected
AMDAMD EPYC™ 7002 Series ProcessorsRomePI 1.0.0.Cunaffected
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.5unaffected
AMDAMD Ryzen™ 3000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4V2 1.2.0.Aunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsComboAM4V2 1.2.0.Aunaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series Processorsvariousaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsChagallWSPI-sWRX8 1.0.0.6unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.Eunaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6 1.0.0.3unaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.7unaffected
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.7unaffected
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.Eunaffected
AMDAMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.Eunaffected
AMDAMD EPYC™ Embedded 7002 Series ProcessorsEmbRomePI-SP3 1.0.0.6unaffected
AMDAMD EPYC™ Embedded 3000 Series ProcessorsVariousaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.2unaffected
AMDAMD Ryzen™ Embedded R1000 Series Processorsvaffected
AMDAMD Ryzen™ Embedded R2000 Series Processorsvaffected
AMDAMD Ryzen™ Embedded 5000 Series Processorsvaffected
AMDAMD Ryzen™ Embedded V1000 Series Processorsvaffected
AMDAMD Ryzen™ Embedded V2000 Series Processorsvaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbeddedPI-FP7r2 1.0.0.4unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References