CVE-2021-26365

HIGH

AMD Ryzen 5 2400g Firmware - Out-of-Bounds Read

Description

Certain size values in firmware binary headers could trigger out-of-bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Scores

CVSS v3 8.2
EPSS 0.0023
EPSS Percentile 46.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (50)
amd/amd_3015ce_firmware < pollockpi-ft5_1.0.0.3
amd/amd_3015e_firmware < pollockpi-ft5_1.0.0.3
amd/ryzen_3_2200g_firmware
amd/ryzen_3_2200ge_firmware
amd/ryzen_3_2200u_firmware
amd/ryzen_3_2300u_firmware
amd/ryzen_3_3200g_firmware
amd/ryzen_3_3200ge_firmware
amd/ryzen_3_3200u_firmware < picassopi-fp5_1.0.0.d
amd/ryzen_3_3250c_firmware < picassopi-fp5_1.0.0.d
... and 40 more
Published May 09, 2023
Tracked Since Feb 18, 2026