What is CVE-2021-26346?

CVE-2021-26346 is a medium-severity vulnerability in Amd Ryzen_3_3100, classified under Integer Overflow or Wraparound. CVSS score: 5.5/10. Published 2023-01-11.

How severe is CVE-2021-26346?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Integer overflow in Amd Ryzen_3_3100

CVE-2021-26346

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Vulnerability class: Integer Overflow

EPSS: 0.002 (11.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Amd Ryzen_3_3100
Amd Ryzen_3_3100_firmware
Amd Ryzen_3_3200g
Amd Ryzen_3_3200g_firmware
Amd Ryzen_3_3200u
Amd Ryzen_3_3200u_firmware
Amd Ryzen_3_3250c
Amd Ryzen_3_3250c_firmware
Amd Ryzen_3_3250u
Amd Ryzen_3_3250u_firmware

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

psirt@amd.com (Vendor Advisory)

Frequently asked questions

What is CVE-2021-26346?: CVE-2021-26346 is a medium-severity vulnerability in Amd Ryzen_3_3100, classified under Integer Overflow or Wraparound. CVSS score: 5.5/10. Published 2023-01-11.
How severe is CVE-2021-26346?: Medium severity. CVSS v3 base score is 5.5 out of 10.