CVE-2021-26344

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 14, 2024

Summary

CVE-2021-26344 is a critical vulnerability affecting AMD Processor Security Processor (PSP) firmware. An out-of-bounds memory write error in processing the AMD PSP1 Configuration Block (APCB) can be exploited by attackers who have access. The exploit enables modification of the BIOS image and its signing, potentially resulting in arbitrary code execution within the PSP firmware. This vulnerability poses a significant risk, as it allows attackers to gain low-level system access, bypassing several security measures in place.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share