What is CVE-2021-26316?

CVE-2021-26316 is a high-severity vulnerability in Amd 1st Gen Epyc, classified under Improper Input Validation. CVSS score: 7.8/10. Published 2023-01-11.

How severe is CVE-2021-26316?

High severity. CVSS v3 base score is 7.8 out of 10.

Improper input validation in Amd 1st Gen Epyc

CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (16.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Amd 1st Gen Epyc — versions various
Amd 2nd Gen Epyc — versions Various
Amd 3rd Gen Epyc — versions various
Amd Athlon_3050ge
Amd Athlon_3050ge_firmware
Amd Athlon_3150g
Amd Athlon_3150ge
Amd Athlon_3150ge_firmware
Amd Athlon_3150g_firmware
Amd Athlon_gold_3150c

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@amd.com (vendor-advisory, Vendor Advisory)
psirt@amd.com (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2021-26316?: CVE-2021-26316 is a high-severity vulnerability in Amd 1st Gen Epyc, classified under Improper Input Validation. CVSS score: 7.8/10. Published 2023-01-11.
How severe is CVE-2021-26316?: High severity. CVSS v3 base score is 7.8 out of 10.