PT-2023-1412 · Amd · Amd Secure Processor

Cfir Cohen

Publicado

2023-01-10

Atualizado

2023-08-08

CVE-2021-26398

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AMD Secure Processor (ASP) (affected versions not specified)

Description The issue is related to insufficient input validation in the SYS KEY DERIVE system call, which can be exploited by an attacker to corrupt AMD Secure Processor (ASP) OS memory, potentially leading to arbitrary code execution. This can occur in a compromised user application or ABL. The vulnerability is associated with the implementation of AMD Secure Processor (ASP) microcode in AMD processors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-787

Identificadores relacionados

BDU:2023-00793

CVE-2021-26398

Produtos afetados

Amd Secure Processor

PT-2023-1412 · Amd · Amd Secure Processor

CVE-2021-26398

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6