CVE-2021-26387

Published: Aug 13, 2024Modified: Oct 30, 2024

3.9

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Exploitability: 0.8 / Impact: 2.7

Source: psirt@amd.com (Secondary)

Description

Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Source: psirt@amd.com

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

Source: psirt@amd.com

Timeline

No history available yet.