7.8
CVSSv3

CVE-2021-26398

Published: 11/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an malicious user to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

Vulnerable Product Search on Vulmon Subscribe to Product

amd epyc_7h12_firmware

amd epyc_7f72_firmware

amd epyc_7f52_firmware

amd epyc_7f32_firmware

amd epyc_7742_firmware

amd epyc_7702p_firmware

amd epyc_7702_firmware

amd epyc_7662_firmware

amd epyc_7642_firmware

amd epyc_7552_firmware

amd epyc_7542_firmware

amd epyc_7532_firmware

amd epyc_7502p_firmware

amd epyc_7502_firmware

amd epyc_7452_firmware

amd epyc_7402_firmware

amd epyc_7402p_firmware

amd epyc_7352_firmware

amd epyc_7302p_firmware

amd epyc_7302_firmware

amd epyc_7282_firmware

amd epyc_7272_firmware

amd epyc_7262_firmware

amd epyc_7252_firmware

amd epyc_7232p_firmware

amd epyc_7002_firmware

amd epyc_7003_firmware

amd epyc_72f3_firmware

amd epyc_7313_firmware

amd epyc_7313p_firmware

amd epyc_7343_firmware

amd epyc_7373x_firmware

amd epyc_73f3_firmware

amd epyc_7413_firmware

amd epyc_7443_firmware

amd epyc_7443p_firmware

amd epyc_7453_firmware

amd epyc_74f3_firmware

amd epyc_7513_firmware

amd epyc_7543_firmware

amd epyc_7543p_firmware

amd epyc_7573x_firmware

amd epyc_75f3_firmware

amd epyc_7643_firmware

amd epyc_7663_firmware

amd epyc_7713_firmware

amd epyc_7713p_firmware

amd epyc_7743_firmware

amd epyc_7763_firmware

amd epyc_7773x_firmware

amd epyc_7001_firmware

amd epyc_7251_firmware

amd epyc_7261_firmware

amd epyc_7281_firmware

amd epyc_7301_firmware

amd epyc_7351_firmware

amd epyc_7371_firmware

amd epyc_7401_firmware

amd epyc_7401p_firmware

amd epyc_7451_firmware

amd epyc_7501_firmware

amd epyc_7551_firmware

amd epyc_7551p_firmware

amd epyc_7601_firmware