CVE-2021-26344

HIGH

AMD EPYC 7003 Series Firmware < milanpi_1.0.0.5 - Out-of-bounds Write in APCB Processing

Title source: llm

Description

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Scores

CVSS v3 7.2

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (50)

amd/epyc_7001_firmware

amd/epyc_7203_firmware < milanpi_1.0.0.5

amd/epyc_7203p_firmware < milanpi_1.0.0.5

amd/epyc_7232p_firmware < romepi_1.0.0.c

amd/epyc_7251_firmware

amd/epyc_7252_firmware < romepi_1.0.0.c

amd/epyc_7261_firmware

amd/epyc_7262_firmware < romepi_1.0.0.c

amd/epyc_7272_firmware < romepi_1.0.0.c

amd/epyc_7281_firmware

... and 40 more

Published Aug 13, 2024

Tracked Since Feb 18, 2026