CVE-2021-26347

MEDIUM

AMD EPYC 7003 Series Firmware < milanpi-sp3_1.0.0.7 - Denial of Service via Integer Overflow in ASP Bootloader

Description

Failure to validate the integer operand in the ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash, resulting in a potential denial of service.

References (1)

Core 1

Scores

CVSS v3 4.7
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1284
Status published
Products (49)
amd/epyc_7002_firmware < romepi-sp3_1.0.0.d
amd/epyc_7232p_firmware < romepi-sp3_1.0.0.d
amd/epyc_7252_firmware < romepi-sp3_1.0.0.d
amd/epyc_7262_firmware < romepi-sp3_1.0.0.d
amd/epyc_7272_firmware < romepi-sp3_1.0.0.d
amd/epyc_7282_firmware < romepi-sp3_1.0.0.d
amd/epyc_72f3_firmware < milanpi-sp3_1.0.0.7
amd/epyc_7302_firmware < romepi-sp3_1.0.0.d
amd/epyc_7302p_firmware < romepi-sp3_1.0.0.d
amd/epyc_7313_firmware < milanpi-sp3_1.0.0.7
... and 39 more
Published May 11, 2022
Tracked Since Feb 18, 2026