Severity
Medium
Analysis Summary
CVE-2021-26354
Multiple AMD chipsets could allow a local attacker to bypass security restrictions, caused by improper bounds checking in ASP. By sending a specially-crafted request using a system call from a compromised ABL, an attacker could exploit this vulnerability to cause arbitrary memory values to be initialized to zero.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2021-26354
Affected Vendors
Amd
Affected Products
- AMD Ryzen 1000 series Processor
- AMD 1st Generation EPYC
- AMD Athlon 3000 Series
- AMD Ryzen 2000 Series processors
- AMD Ryzen Threadripper 2nd gen processors
- AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics
- AMD Ryzen 3000 Series Mobile Processors with Radeon Graphics
Remediation
Refer to AMD Security Advisory for patch, upgrade or suggested workaround information.