CVE-2021-26370
N/A
N/A
Summary
Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | 2nd Gen AMD EPYC™ | unspecified < RomePI-SP3_1.0.0.C | affected |
| AMD | 3rd Gen AMD EPYC™ | unspecified < MilanPI-SP3_1.0.0.4 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.