CVE-2021-26346
Public on 2023-01-11
Modified on 2024-02-27
Description
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | kernel | Not Affected | ||
| HAQM Linux 2 - Core | kernel | Not Affected | ||
| HAQM Linux 2 - Kernel-5.10 Extra | kernel | Not Affected | ||
| HAQM Linux 2 - Kernel-5.15 Extra | kernel | Not Affected | ||
| HAQM Linux 2 - Kernel-5.4 Extra | kernel | Not Affected | ||
| HAQM Linux 2023 | kernel | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 4.1 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |