Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26361

A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.

Published

2022-05-12T18:16:53.147

Last Modified

2024-11-21T05:56:12.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amd	radeon_software	-	Yes
Operating System	amd	ryzen_3_2200u_firmware	-	Yes
Hardware	amd	ryzen_3_2200u	-	No
Operating System	amd	ryzen_3_2300u_firmware	-	Yes
Hardware	amd	ryzen_3_2300u	-	No
Operating System	amd	ryzen_3_5125c_firmware	-	Yes
Hardware	amd	ryzen_3_5125c	-	No
Operating System	amd	ryzen_3_5400u_firmware	-	Yes
Hardware	amd	ryzen_3_5400u	-	No
Operating System	amd	athlon_3050ge_firmware	-	Yes
Hardware	amd	athlon_3050ge	-	No
Operating System	amd	athlon_3150ge_firmware	-	Yes
Hardware	amd	athlon_3150ge	-	No
Operating System	amd	athlon_3150g_firmware	-	Yes
Hardware	amd	athlon_3150g	-	No
Operating System	amd	ryzen_3_5425c_firmware	-	Yes
Hardware	amd	ryzen_3_5425c	-	No
Operating System	amd	ryzen_3_5425u_firmware	-	Yes
Hardware	amd	ryzen_3_5425u	-	No
Operating System	amd	ryzen_5_2500u_firmware	-	Yes
Hardware	amd	ryzen_5_2500u	-	No
Operating System	amd	ryzen_5_2600_firmware	-	Yes
Hardware	amd	ryzen_5_2600	-	No
Operating System	amd	ryzen_5_2600h_firmware	-	Yes
Hardware	amd	ryzen_5_2600h	-	No
Operating System	amd	ryzen_5_2600x_firmware	-	Yes
Hardware	amd	ryzen_5_2600x	-	No
Operating System	amd	ryzen_5_5560u_firmware	-	Yes
Hardware	amd	ryzen_5_5560u	-	No
Operating System	amd	ryzen_5_5600h_firmware	-	Yes
Hardware	amd	ryzen_5_5600h	-	No
Operating System	amd	ryzen_5_5600hs_firmware	-	Yes
Hardware	amd	ryzen_5_5600hs	-	No
Operating System	amd	ryzen_5_5600u_firmware	-	Yes
Hardware	amd	ryzen_5_5600u	-	No
Operating System	amd	ryzen_5_5600x_firmware	-	Yes
Hardware	amd	ryzen_5_5600x	-	No
Operating System	amd	ryzen_5_5625c_firmware	-	Yes
Hardware	amd	ryzen_5_5625c	-	No
Operating System	amd	ryzen_5_5625u_firmware	-	Yes
Hardware	amd	ryzen_5_5625u	-	No
Operating System	amd	ryzen_5_5700g_firmware	-	Yes
Hardware	amd	ryzen_5_5700g	-	No
Operating System	amd	ryzen_5_5700ge_firmware	-	Yes
Hardware	amd	ryzen_5_5700ge	-	No
Operating System	amd	ryzen_7_2700u_firmware	-	Yes
Hardware	amd	ryzen_7_2700u	-	No
Operating System	amd	ryzen_7_2700_firmware	-	Yes
Hardware	amd	ryzen_7_2700	-	No
Operating System	amd	ryzen_7_2700x_firmware	-	Yes
Hardware	amd	ryzen_7_2700x	-	No
Operating System	amd	ryzen_7_2800h_firmware	-	Yes
Hardware	amd	ryzen_7_2800h	-	No
Operating System	amd	ryzen_7_5800h_firmware	-	Yes
Hardware	amd	ryzen_7_5800h	-	No
Operating System	amd	ryzen_7_5800hs_firmware	-	Yes
Hardware	amd	ryzen_7_5800hs	-	No
Operating System	amd	ryzen_7_5800u_firmware	-	Yes
Hardware	amd	ryzen_7_5800u	-	No
Operating System	amd	ryzen_7_5825c_firmware	-	Yes
Hardware	amd	ryzen_7_5825c	-	No
Operating System	amd	ryzen_7_5825u_firmware	-	Yes
Hardware	amd	ryzen_7_5825u	-	No
Operating System	amd	ryzen_9_5980hx_firmware	-	Yes
Hardware	amd	ryzen_9_5980hx	-	No
Operating System	amd	ryzen_9_5980hs_firmware	-	Yes
Hardware	amd	ryzen_9_5980hs	-	No
Operating System	amd	ryzen_9_5900hx_firmware	-	Yes
Hardware	amd	ryzen_9_5900hx	-	No
Operating System	amd	ryzen_9_5900hs_firmware	-	Yes
Hardware	amd	ryzen_9_5900hs	-	No

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)