Main Vulnerability Database Vulnerabilities #VU63690

#VU63690 Out-of-bounds write in AMD products - CVE-2021-26312

Published: May 26, 2022 / Updated: May 26, 2022

Vulnerability identifier: #VU63690

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-26312

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors

Software vendor:
AMD

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error caused by failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU). A local user can force an IO device to write to memory it should not be able to access and execute arbitrary code with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

#VU63690 Out-of-bounds write in AMD products - CVE-2021-26312

Description

Remediation

External links

Please verify you're human