CVE-2021-26364

MEDIUM

AMD EPYC 7002 Series Firmware < romepi-sp3_1.0.0.d - Denial of Service via SMU Mailbox Register

Title source: llm

Description

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 32.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (44)

amd/epyc_7232p_firmware < romepi-sp3_1.0.0.d

amd/epyc_7252_firmware < romepi-sp3_1.0.0.d

amd/epyc_7262_firmware < romepi-sp3_1.0.0.d

amd/epyc_7272_firmware < romepi-sp3_1.0.0.d

amd/epyc_7282_firmware < romepi-sp3_1.0.0.d

amd/epyc_72f3_firmware < milanpi-sp3_1.0.0.7

amd/epyc_7302_firmware < romepi-sp3_1.0.0.d

amd/epyc_7302p_firmware < romepi-sp3_1.0.0.d

amd/epyc_7313p_firmware < milanpi-sp3_1.0.0.7

amd/epyc_7343_firmware < milanpi-sp3_1.0.0.7

... and 34 more

Published May 11, 2022

Tracked Since Feb 18, 2026