Bug 2164372 (CVE-2021-26346) - CVE-2021-26346 hw: amd: integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service
Summary: CVE-2021-26346 hw: amd: integer overflow in the L2 directory table in SPI fla...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-26346
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2160446
TreeView+ depends on / blocked
 
Reported: 2023-01-25 11:30 UTC by Rohit Keshri
Modified: 2024-09-09 04:17 UTC (History)
38 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-01-27 22:22:29 UTC
Embargoed:

Attachments (Terms of Use)

Description Rohit Keshri 2023-01-25 11:30:52 UTC 
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Reference:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031
Comment 1 Rohit Keshri 2023-01-25 11:31:44 UTC 
Affected Product:
----------------
AMD Athlon™ Processors
AMD Ryzen™ Processors
AMD Threadripper™ Processors
Comment 4 Product Security DevOps Team 2023-01-27 22:22:25 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-26346
Note You need to log in before you can comment on or make changes to this bug.