Unrated severityNVD Advisory· Published May 9, 2023· Updated Jan 28, 2025
CVE-2021-26356
CVE-2021-26356
Description
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
Affected products
9- AMD/1st Gen AMD EPYC™ Processorsv5Range: various
- AMD/2nd Gen AMD EPYC™ Processorsv5Range: various
- AMD/3rd Gen AMD EPYC™ Processorsv5Range: various
- AMD/3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTv5Range: various
- AMD/AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4v5Range: various
- AMD/Ryzen™ 3000 Series Desktop Processors “Matisse” AM4v5Range: various
- AMD/Ryzen™ Threadripper™ PRO Processors “Castle Peak” WSv5Range: various
- AMD/Ryzen™ Threadripper™ PRO Processors “Chagall” WSv5Range: various
Patches
Vulnerability mechanics
References
2- www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001mitrevendor-advisory
- www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001mitrevendor-advisory
News mentions
0No linked articles in our index yet.