Vulnerability in Amd 3rd Gen Epyc™

CVE-2021-26315

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when e…

EPSS: 0.001 (20.2th percentile) — read the EPSS interpretation.

Affected products

Amd 3rd Gen Epyc™ — versions unspecified

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 (x_refsource_MISC)