Bug 2164357 (CVE-2021-26316) - CVE-2021-26316 hw: amd: arbitrary code execution in bios due to a fault in communication buffer
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-26316
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2160446
Reported: 2023-01-25 10:45 UTC by Rohit Keshri
Modified: 2023-01-27 20:52 UTC
CC List: 37 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in hw. Failure to validate the BIOS's communication buffer and communication service may allow an attacker to tamper with the buffer, resulting in potential System Management Mode (SMM) arbitrary code execution.
Clone Of:
Environment:
Last Closed: 2023-01-27 20:52:25 UTC
Embargoed:



Description Rohit Keshri 2023-01-25 10:45:07 UTC
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

Comment 1 Rohit Keshri 2023-01-25 10:48:11 UTC
Affected Product:
-----------------
AMD Athlon™ Processors
AMD Ryzen™ Processors
AMD Threadripper™ Processors
Refer to Product Name(s) referenced in the Mitigation section below.

Comment 4 Product Security DevOps Team 2023-01-27 20:52:22 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-26316

