#VU84022 Out-of-bounds read in AMD products - CVE-2021-26345
Published: December 8, 2023
Vulnerability identifier: #VU84022
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-26345
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
4th Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
4th Gen AMD EPYC Processors
Software vendor:
AMD
AMD
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in APCB. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.