CVE-2021-26356

Summary

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 3000 Series Desktop Processors “Matisse” AM4variousaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4variousaffected
AMD3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTvariousaffected
AMDRyzen™ Threadripper™ PRO Processors “Castle Peak” WSvariousaffected
AMDRyzen™ Threadripper™ PRO Processors “Chagall” WSvariousaffected
AMD1st Gen AMD EPYC™ Processorsvariousaffected
AMD2nd Gen AMD EPYC™ Processorsvariousaffected
AMD3rd Gen AMD EPYC™ Processorsvariousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References