Vulnerability DatabaseCVE-2021-26345

CVE-2021-26345:
Linux openSUSE vulnerability analysis and mitigation

Overview

CVE-2021-26345 is a security vulnerability discovered in AMD EPYC processors' firmware. The vulnerability was first recorded on January 29, 2021, and involves a failure to validate values in APCB (AMD Platform Configuration Block) (NVD).

Technical details

The vulnerability is characterized by an out-of-bounds memory read condition (CWE-125) that occurs due to improper validation of APCB values. It has received varying CVSS v3.1 severity ratings: NIST rates it as MEDIUM (Base Score: 4.9) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, while AMD rates it as LOW (Base Score: 1.9) with vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L (NVD).

Impact

The vulnerability can potentially result in a denial of service condition when successfully exploited. The impact is primarily limited to system availability, with no direct effect on confidentiality or integrity of the system (NVD).

Mitigation and workarounds

AMD has released firmware updates to address this vulnerability. The fix is included in ROMEPI version 1.0.0.f for Rome processors and MILANPI version 1.0.0.a for Milan processors (AMD Advisory).

Additional resources

Source: This report was generated using AI

Related Linux openSUSE vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13470	HIGH	7.7	Linux Debian	rnp	No	Yes	Nov 21, 2025
CVE-2025-61915	MEDIUM	6	OpenPrinting CUPS	libcups2-32bit	No	Yes	Nov 29, 2025
CVE-2025-58436	MEDIUM	5.1	OpenPrinting CUPS	cups-devel	No	Yes	Nov 29, 2025
CVE-2025-9820	N/A	N/A	GnuTLS	gnutls28	No	Yes	Nov 21, 2025
CVE-2025-13402	N/A	N/A	Linux Fedora	librnp	No	Yes	Nov 21, 2025