CVE-2021-26316

CVSS 7.8 HIGHEPSS 0.3%CWE-20

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

10 Jan 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

AMD · 1st Gen EPYC AMD · 2nd Gen EPYC AMD · 3rd Gen EPYC AMD · Ryzen 2000 Series AMD · Ryzen 3000 Series AMD · Ryzen 5000 Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032