VYPR
Unrated severityNVD Advisory· Published Jan 10, 2023· Updated Apr 8, 2025

CVE-2021-26402

CVE-2021-26402

Description

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.

Affected products

3
  • AMD/2nd Gen EPYCv5
    Range: Various
  • AMD/3rd Gen EPYCv5
    Range: various

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.