Vulnerability in Amd Epyc_7002
CVE-2021-26347
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
EPSS: 0.002 (8.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2021-26347?
- CVE-2021-26347 is a medium-severity vulnerability in Amd Epyc_7002, classified under Improper Validation of Specified Quantity in Input. CVSS score: 4.7/10. Published 2022-05-11.
- How severe is CVE-2021-26347?
- Medium severity. CVSS v3 base score is 4.7 out of 10.