Vulnerabilities > CVE-2021-26398 - Out-of-bounds Write vulnerability in AMD products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
amd
CWE-787

Summary

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

Vulnerable Configurations

Part Description Count
OS
Amd
305
Hardware
Amd
64

Common Weakness Enumeration (CWE)