Vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics
CVE-2021-26387
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
EPSS: 0.000 (6.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.9 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L.
Affected products
- Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics — versions ComboAM4PI 1.0.0.9, ComboAM4v2 PI 1.2.0.8
- Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions PicassoPI-FP5 1.0.0.E, PollockPI-FT5 1.0.0.4
- Amd Epyc™ 7001 Series Processors — versions various
- Amd Epyc™ 7002 Series Processors — versions various
- Amd Epyc™ 7003 Series Processors — versions various
- Amd Epyc™ 9004 Series Processors — versions various
- Amd Epyc™ Embedded 3000 Series Processors — versions various
- Amd Epyc™ Embedded 7002 Series Processors — versions various
- Amd Epyc™ Embedded 7003 Series Processors — versions various
- Amd Epyc™ Embedded 9003 Series Processors — versions various
References
Frequently asked questions
- What is CVE-2021-26387?
- CVE-2021-26387 is a low-severity vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics. CVSS score: 3.9/10. Published 2024-08-13.
- How severe is CVE-2021-26387?
- Low severity. CVSS v3 base score is 3.9 out of 10.