Cyber Resilience

CVE-2021-26365

High

Published: 09 May 2023

Modified: 28 January 2025
KEV Added
Patch
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
EPSS Score: 0.0051 (66.9th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-26365 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in AMD Ryzen 5 2400G firmware. Its CVSS base score is 8.2 (High).

Operationally, it ranks in the top 33.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Certain size values in firmware binary headers could trigger out-of-bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

CWE(s)

CWE-125: Out-of-bounds Read

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
amd | ryzen 5 2400g firmware | all versions
amd | ryzen 5 2400ge firmware | all versions
amd | ryzen 3 2200ge firmware | all versions
amd | ryzen 3 2200g firmware | all versions
amd | ryzen 3 pro 2100ge firmware | all versions
amd | ryzen 9 5900x firmware | all versions
amd | ryzen 9 5950x firmware | all versions
amd | ryzen 9 5900 firmware | all versions
amd | ryzen 7 5800 firmware | all versions
amd | ryzen 7 5800x firmware | all versions
+44 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
