CVE-2021-26315 Information

Description

When the AMD Platform Security Processor (PSP) boot rom loads authenticates and subsequently decrypts an encrypted FW due to insufficient verification of the integrity of decrypted image arbitrary code may be executed in the PSP when encrypted firmware images are used.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8