#VU63678 Buffer overflow in AMD products - CVE-2021-26373
Published: May 25, 2022 / Updated: May 26, 2022
Vulnerability identifier: #VU63678
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-26373
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
Software vendor:
AMD
AMD
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the System Management Unit (SMU). A local user can trigger a system voltage malfunction and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.