CVE-2021-26343

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:epyc_7743_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7743:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:31

Type	Values Removed	Values Added
Summary	~~Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.~~	Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

18 Jan 2023, 23:28

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:h:amd:epyc_7713:-:::::::* cpe:2.3:h:amd:epyc_72f3:-:::::::* cpe:2.3:o:amd:epyc_7443_firmware:::::::: cpe:2.3:h:amd:epyc_7453:-:::::::* cpe:2.3:o:amd:epyc_7643_firmware:::::::: cpe:2.3:o:amd:epyc_7313p_firmware:::::::: cpe:2.3:h:amd:epyc_7513:-:::::::* cpe:2.3:h:amd:epyc_75f3:-:::::::* cpe:2.3:o:amd:epyc_7343_firmware:::::::: cpe:2.3:h:amd:epyc_7743:-:::::::* cpe:2.3:o:amd:epyc_74f3_firmware:::::::: cpe:2.3:h:amd:epyc_7713p:-:::::::* cpe:2.3:h:amd:epyc_7443:-:::::::* cpe:2.3:o:amd:epyc_7713_firmware:::::::: cpe:2.3:o:amd:epyc_7443p_firmware:::::::: cpe:2.3:h:amd:epyc_7773x:-:::::::* cpe:2.3:h:amd:epyc_7543p:-:::::::* cpe:2.3:o:amd:epyc_73f3_firmware:::::::: cpe:2.3:o:amd:epyc_7373x_firmware:::::::: cpe:2.3:o:amd:epyc_7543p_firmware:::::::: cpe:2.3:h:amd:epyc_7443p:-:::::::* cpe:2.3:o:amd:epyc_7413_firmware:::::::: cpe:2.3:o:amd:epyc_7573x_firmware:::::::: cpe:2.3:o:amd:epyc_7743_firmware:::::::: cpe:2.3:o:amd:epyc_7773x_firmware:::::::: cpe:2.3:o:amd:epyc_7513_firmware:::::::: cpe:2.3:h:amd:epyc_7543:-:::::::* cpe:2.3:h:amd:epyc_7643:-:::::::* cpe:2.3:o:amd:epyc_7663_firmware:::::::: cpe:2.3:h:amd:epyc_7373x:-:::::::* cpe:2.3:o:amd:epyc_7313_firmware:::::::: cpe:2.3:h:amd:epyc_74f3:-:::::::* cpe:2.3:o:amd:epyc_75f3_firmware:::::::: cpe:2.3:o:amd:epyc_7713p_firmware:::::::: cpe:2.3:o:amd:epyc_72f3_firmware:::::::: cpe:2.3:o:amd:epyc_7003_firmware:::::::: cpe:2.3:h:amd:epyc_7003:-:::::::* cpe:2.3:h:amd:epyc_7763:-:::::::* cpe:2.3:o:amd:epyc_7453_firmware:::::::: cpe:2.3:h:amd:epyc_7663:-:::::::* cpe:2.3:o:amd:epyc_7763_firmware:::::::: cpe:2.3:h:amd:epyc_7573x:-:::::::* cpe:2.3:h:amd:epyc_7343:-:::::::* cpe:2.3:h:amd:epyc_7413:-:::::::* cpe:2.3:h:amd:epyc_73f3:-:::::::* cpe:2.3:o:amd:epyc_7543_firmware:::::::: cpe:2.3:h:amd:epyc_7313p:-:::::::* cpe:2.3:h:amd:epyc_7313:-:::::::*
First Time		Amd epyc 7713 Firmware Amd epyc 7573x Firmware Amd epyc 7573x Amd epyc 73f3 Firmware Amd epyc 7773x Firmware Amd epyc 7513 Firmware Amd epyc 7443p Amd epyc 7543 Amd epyc 75f3 Amd epyc 7313 Firmware Amd epyc 7743 Amd epyc 7313p Firmware Amd epyc 7413 Firmware Amd epyc 7373x Firmware Amd epyc 72f3 Firmware Amd epyc 75f3 Firmware Amd epyc 7373x Amd epyc 7663 Firmware Amd epyc 7513 Amd epyc 7713p Amd epyc 7763 Firmware Amd epyc 72f3 Amd epyc 7543 Firmware Amd epyc 7643 Firmware Amd epyc 7413 Amd epyc 7343 Firmware Amd epyc 7643 Amd Amd epyc 7713 Amd epyc 7713p Firmware Amd epyc 7003 Firmware Amd epyc 7313p Amd epyc 7453 Amd epyc 7543p Firmware Amd epyc 7443p Firmware Amd epyc 7773x Amd epyc 7003 Amd epyc 7743 Firmware Amd epyc 7313 Amd epyc 7343 Amd epyc 7763 Amd epyc 7663 Amd epyc 73f3 Amd epyc 74f3 Amd epyc 7453 Firmware Amd epyc 74f3 Firmware Amd epyc 7443 Firmware Amd epyc 7543p Amd epyc 7443
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 - Vendor Advisory
CWE		CWE-668

11 Jan 2023, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-11 08:15

Updated : 2023-12-10 14:48

NVD link : CVE-2021-26343

Mitre link : CVE-2021-26343

CVE.ORG link : CVE-2021-26343

JSON object : View

Products Affected

amd

epyc_75f3
epyc_73f3
epyc_7373x_firmware
epyc_75f3_firmware
epyc_7763_firmware
epyc_7003_firmware
epyc_7773x
epyc_74f3_firmware
epyc_7313p_firmware
epyc_7763
epyc_7343_firmware
epyc_7443p
epyc_7313
epyc_7443_firmware
epyc_7543p
epyc_7343
epyc_7453_firmware
epyc_7513
epyc_7443
epyc_7413
epyc_72f3
epyc_7413_firmware
epyc_7003
epyc_7313p
epyc_7453
epyc_7573x_firmware
epyc_7663
epyc_7313_firmware
epyc_72f3_firmware
epyc_7513_firmware
epyc_7543p_firmware
epyc_7743
epyc_7643
epyc_7713
epyc_7543_firmware
epyc_7773x_firmware
epyc_74f3
epyc_7713p
epyc_7713_firmware
epyc_7573x
epyc_7713p_firmware
epyc_7663_firmware
epyc_7373x
epyc_7643_firmware
epyc_7543
epyc_73f3_firmware
epyc_7443p_firmware
epyc_7743_firmware

CWE

CWE-668

Exposure of Resource to Wrong Sphere

5.5 /10