CVE-2021-26371

Summary

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 2000 series Desktop Processors “Raven Ridge” AM4variousaffected
AMDRyzen™ 3000 Series Desktop Processors “Matisse” AM4variousaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4variousaffected
AMD3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTvariousaffected
AMDRyzen™ Threadripper™ PRO Processors “Castle Peak” WSvariousaffected
AMDRyzen™ Threadripper™ PRO Processors “Chagall” WSvariousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPvariousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”variousaffected
AMDRyzen™ 2000 Series Mobile Processors “Raven Ridge” FP5variousaffected
AMDRyzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”variousaffected
AMD1st Gen AMD EPYC™ Processorsvariousaffected
AMD2nd Gen AMD EPYC™ Processorsvariousaffected
AMD3rd Gen AMD EPYC™ Processorsvariousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References