CVE-2021-26346

MEDIUM

AMD Ryzen 3 Firmware - Denial of Service via Integer Overflow in ASP Bootloader

Title source: llm

Description

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

References (1)

Core 1

Core References

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (50)

amd/ryzen_3_3100_firmware

amd/ryzen_3_3200g_firmware

amd/ryzen_3_3200u_firmware

amd/ryzen_3_3250c_firmware

amd/ryzen_3_3250u_firmware

amd/ryzen_3_3300g_firmware

amd/ryzen_3_3300u_firmware

amd/ryzen_3_3300x_firmware

amd/ryzen_3_3350u_firmware

amd/ryzen_3_3450u_firmware

... and 40 more

Published Jan 11, 2023

Tracked Since Feb 18, 2026