Vulnerability Details : CVE-2021-26387
Insufficient access controls in ASP kernel may allow a
privileged attacker with access to AMD signing keys and the BIOS menu or UEFI
shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
Products affected by CVE-2021-26387
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2021-26387
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26387
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.9
|
LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
N/A
|
N/A
|
Advanced Micro Devices Inc. | 2024-08-13 |
|
3.9
|
LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
0.8
|
2.7
|
Advanced Micro Devices Inc. | 2024-08-13 |
CWE ids for CVE-2021-26387
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2021-26387
-
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html
AMD Embedded Processors Vulnerabilities – Aug 2024
-
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
AMD Server Vulnerabilities – August 2024
Jump to