What is CVE-2021-26384?

CVE-2021-26384 is a high-severity vulnerability in Amd Athlon_gold_3150u, classified under Out-of-bounds Read. CVSS score: 7.8/10. Published 2022-07-14.

How severe is CVE-2021-26384?

High severity. CVSS v3 base score is 7.8 out of 10.

Out-of-bounds Read in Amd Athlon_gold_3150u

CVE-2021-26384

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potent…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (9.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Amd Athlon_gold_3150u
Amd Athlon_gold_3150u_firmware
Amd Athlon_silver_3050u
Amd Athlon_silver_3050u_firmware
Amd Athlon™ Series — versions various
Amd Ryzen_3_2200u
Amd Ryzen_3_2200u_firmware
Amd Ryzen_3_2300u
Amd Ryzen_3_2300u_firmware
Amd Ryzen_3_3200u

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read
CWE-787 — Out-of-bounds Write

References

psirt@amd.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-26384?: CVE-2021-26384 is a high-severity vulnerability in Amd Athlon_gold_3150u, classified under Out-of-bounds Read. CVSS score: 7.8/10. Published 2022-07-14.
How severe is CVE-2021-26384?: High severity. CVSS v3 base score is 7.8 out of 10.