Products
AMD processors
Source
psirt@amd.com
Tags
CVE-2021-26387 details
Published : Aug. 13, 2024, 5:15 p.m.
Last Modified : Aug. 13, 2024, 5:15 p.m.
Last Modified : Aug. 13, 2024, 5:15 p.m.
Description
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
CVSS Score
1 | 2 | 3.9 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
Base Score
3.9
Exploitability Score
0.8
Impact Score
2.7
Base Severity
LOW
Vector String : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
References
URL | Source |
---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html | psirt@amd.com |
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html | psirt@amd.com |
This website uses the NVD API, but is not approved or certified by it.