CVE-2021-26344

HIGH

AMD Epyc 7203 Firmware < milanpi_1.0.0.5 - Out-of-Bounds Write

Title source: rule

Description

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

References (1)

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Scores

CVSS v3 7.2

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (50)

amd/epyc_7203_firmware < milanpi_1.0.0.5

amd/epyc_7203p_firmware < milanpi_1.0.0.5

amd/epyc_72f3_firmware < milanpi_1.0.0.5

amd/epyc_7303_firmware < milanpi_1.0.0.5

amd/epyc_7303p_firmware < milanpi_1.0.0.5

amd/epyc_7313_firmware < milanpi_1.0.0.5

amd/epyc_7313p_firmware < milanpi_1.0.0.5

amd/epyc_7343_firmware < milanpi_1.0.0.5

amd/epyc_73f3_firmware < milanpi_1.0.0.5

amd/epyc_7373x_firmware < milanpi_1.0.0.5

amd/epyc_7413_firmware < milanpi_1.0.0.5

amd/epyc_7443_firmware < milanpi_1.0.0.5

amd/epyc_7443p_firmware < milanpi_1.0.0.5

amd/epyc_74f3_firmware < milanpi_1.0.0.5

amd/epyc_7453_firmware < milanpi_1.0.0.5

... and 35 more

Timeline

Published Aug 13, 2024

Tracked Since Feb 18, 2026