fkie_cve-2021-26343
Vulnerability from fkie_nvd
Published
2023-01-11 08:15
Modified
2025-04-09 14:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E499C61-3359-4640-B128-DD3530196F87",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C912AA31-FB2D-4BD9-B1BD-3C8D7EEE771C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16D8C19A-DFE6-46EE-B6FC-4B31A2207161",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F98FF1A-3A2B-4CED-AEA2-9C4F2AC2D8C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03DE77AA-3E25-4118-AA8C-8C11BDAF60B5",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B02B61B7-7DD3-4164-8D32-EB961E981BC9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "967966C5-D889-4957-AEF8-B4C6AA862406",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9000686A-DC2B-4561-9C32-E90890EB2EBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C781429D-A2AB-49DD-BD4F-D6927DA8F70A",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B9C24B-2C10-4826-A91B-E1C60665FBBE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5480AFE-B8EE-4B93-85FD-4EED10F971C4",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "180B3002-B3C5-48B5-8322-5B64B237C5B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A07311-E3ED-4CD0-BC38-45D64F0D0028",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "678C5F58-8AE9-46FF-8F01-4CF394C87A2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01EE19CC-0038-495B-9045-D83FA24BD957",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1766FF1-77A9-4293-B826-F6A8FBD7AFBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D76DE0-48AB-4836-AE06-BD2765AD4B28",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C474537-3006-41BA-8C3D-5C370E3ACECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80B95B1D-1BD2-483D-9B7A-BEFDFB55D89A",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2B13CA-72F4-4CF6-9E12-62E6E9056A14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E41600C-05BB-4248-8D67-406ABD618273",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241E39FF-FE66-444C-A4C2-3D28C45341BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A89D1AC-1027-4B97-808D-04855045DDAC",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D08121-DC57-47D7-8214-23A209F0AF08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "381F0305-767D-4844-A4BF-65D6DB0477F1",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8264DF4-47B4-4716-AE89-44AFA870D385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C27DB3DA-51DA-4BA7-A73D-E73DFD1BDF76",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52544912-FAA3-4025-A5FD-151B21CEC53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5AF78B-E2B7-477A-8889-6AA2B0349FF3",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77A0A47B-74A1-4731-92A8-BC10FFE58ECF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9B914A-9E5C-497E-8FC5-65D088F7C357",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "237FB33B-BF08-4E3E-8E83-EB0AD2F12A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DBC1A7-5FE9-40F1-9E7F-5034F5DBDCCF",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF0AFED-588A-4EFB-8C90-9280BC3A6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C42E77-6F6B-4D30-9321-3C5DFFD21C06",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98E1D79D-0CB0-4FD9-8A82-27CDFBFE07B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAD9EE6-380B-4E07-BB5D-3255CD48200E",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DFCB62-6CDF-4AD2-9265-1887E5780CA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B9F85B-1E48-4A4F-A7D9-D5AD2B60D94B",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D698D3E-BB05-4C65-90F4-8DAE275CD6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60E3CD4B-2468-4823-83CD-349B6D279E14",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2299ED50-B4D2-4BB3-AD87-56D552B84AE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7743_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E9D3B-7317-48DD-AF1A-F743960E3F8D",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7743:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C206A50-1225-4CC8-BC38-A7FEF4E2BA54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9784ACCC-205F-4D8E-813B-3D80207EE865",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F900BDD-F094-41A6-9A23-31F53DBA95D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B3FB12-65E2-40AF-8C2D-17021B5C182D",
"versionEndExcluding": "milanpi_1.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D02B1C69-BAA4-485B-BE22-46BE321F9E4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.\n\n\n"
},
{
"lang": "es",
"value": "Una validaci\u00f3n insuficiente en los comandos ASP BIOS y DRTM puede permitir que el software supervisor x86 malicioso revele el contenido de la memoria confidencial, lo que puede resultar en la divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2021-26343",
"lastModified": "2025-04-09T14:15:22.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-11T08:15:10.503",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…