CVE-2021-26356
HIGH
AMD EPYC 7001 Series Firmware - Time-of-check Time-of-use Race Condition in ASP Bootloader
Title source: llmDescription
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
References (2)
Core References
Vendor Advisory vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001
Vendor Advisory vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001
Scores
CVSS v3
7.4
EPSS
0.0021
EPSS Percentile
43.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-367
Status
published
Products (50)
amd/epyc_7001_firmware
< naplespi_1.0.0.h
amd/epyc_7002_firmware
< romepi_1.0.0.d
amd/epyc_7232p_firmware
< romepi_1.0.0.d
amd/epyc_7251_firmware
< naplespi_1.0.0.h
amd/epyc_7252_firmware
< romepi_1.0.0.d
amd/epyc_7261_firmware
< naplespi_1.0.0.h
amd/epyc_7262_firmware
< romepi_1.0.0.d
amd/epyc_7272_firmware
< romepi_1.0.0.d
amd/epyc_7281_firmware
< naplespi_1.0.0.h
amd/epyc_7282_firmware
< romepi_1.0.0.d
... and 40 more
Published
May 09, 2023
Tracked Since
Feb 18, 2026