CVE-2021-26343

MEDIUM

AMD Epyc 7003 Firmware < milanpi_1.0.0.3 - Exposure to Wrong Actor

Title source: rule

Description

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

References (1)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (24)

amd/epyc_7003_firmware < milanpi_1.0.0.3

amd/epyc_72f3_firmware < milanpi_1.0.0.3

amd/epyc_7313_firmware < milanpi_1.0.0.3

amd/epyc_7313p_firmware < milanpi_1.0.0.3

amd/epyc_7343_firmware < milanpi_1.0.0.3

amd/epyc_7373x_firmware < milanpi_1.0.0.3

amd/epyc_73f3_firmware < milanpi_1.0.0.3

amd/epyc_7413_firmware < milanpi_1.0.0.3

amd/epyc_7443_firmware < milanpi_1.0.0.3

amd/epyc_7443p_firmware < milanpi_1.0.0.3

amd/epyc_7453_firmware < milanpi_1.0.0.3

amd/epyc_74f3_firmware < milanpi_1.0.0.3

amd/epyc_7513_firmware < milanpi_1.0.0.3

amd/epyc_7543_firmware < milanpi_1.0.0.3

amd/epyc_7543p_firmware < milanpi_1.0.0.3

... and 9 more

Timeline

Published Jan 11, 2023

Tracked Since Feb 18, 2026