CVE-2021-26404 | Severity.io

Description

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

Related CPE's

amd

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

Vulnerable

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-20

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary

CWE-20

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-11T08:15:11.647

2 years ago

Last modified

2025-04-08T21:15:43.733

3 months ago