Main Vulnerability Database SB2024100223

SB2024100223 - Improper access control in AMD EPYC Processors

Published: October 2, 2024

Security Bulletin ID SB2024100223

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper access control (CVE-ID: CVE-2021-26387)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in ASP kernel. A local privileged user with access to AMD signing keys and the BIOS menu or UEFI shell can map DRAM regions in protected areas.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

SB2024100223 - Improper access control in AMD EPYC Processors

Breakdown by Severity

Description

Remediation

References

Please verify you're human