Back

CVE-2021-26387

Aug. 13, 2024, 5:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

AMD processors

Source

psirt@amd.com

Tags

psirt@amd.com
2024-08-13
CVE-2021-26387

CVE-2021-26387 details

Published : Aug. 13, 2024, 5:15 p.m.
Last Modified : Aug. 13, 2024, 5:15 p.m.

Description

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.

CVSS Score

1 2 3.9 4 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

Base Score

3.9

Exploitability Score

0.8

Impact Score

2.7

Base Severity

LOW

Vector String : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

References

URL Source
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html psirt@amd.com
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html psirt@amd.com
This website uses the NVD API, but is not approved or certified by it.