Home

CVE-2021-26347

Description

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Risk Information

Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.145

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2022:1846-1(SUSE Linux Enterprise Server 12-SP5 ) kernel-firmware-20190618-5.25.2.noarch.rpmLinux
SUSE-SU-2022:1846-1(SUSE Linux Enterprise Server 12-SP5 ) ucode-amd-20190618-5.25.2.noarch.rpmLinux
SUSE-SU-2022:1840-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) ucode-amd-20210208-150300.4.10.1.noarch.rpmLinux
SUSE-SU-2022:1840-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) kernel-firmware-20210208-150300.4.10.1.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234