Vulnerability Details : CVE-2021-26390
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.
Products affected by CVE-2021-26390
- cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2600x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2600_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5300ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2700x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3200u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_300u_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26390
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26390
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:C/A:N |
3.9
|
6.9
|
NIST | |
6.2
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
2.5
|
3.6
|
NIST |
References for CVE-2021-26390
-
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027
AMD Client Vulnerabilities – May 2022 | AMDVendor Advisory
Jump to