CVE-2021-26316
HIGHAMD EPYC 7002 Series Firmware - Arbitrary Code Execution in System Management Mode via BIOS Buffer Tampering
Title source: llmDescription
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031
Vendor Advisory vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
17.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (50)
amd/athlon_3050ge_firmware
amd/athlon_3150g_firmware
amd/athlon_3150ge_firmware
amd/athlon_gold_3150c_firmware
amd/athlon_gold_3150ge_firmware
amd/athlon_gold_3150u_firmware
amd/athlon_gold_pro_3150g_firmware
amd/athlon_gold_pro_3150ge_firmware
amd/athlon_pro_3045b_firmware
amd/athlon_pro_3145b_firmware
... and 40 more
Published
Jan 11, 2023
Tracked Since
Feb 18, 2026