{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-26316","assignerOrgId":"b58fc414-a1e4-4f92-9d70-1add41838648","state":"PUBLISHED","assignerShortName":"AMD","dateReserved":"2021-01-29T21:24:26.137Z","datePublished":"2023-01-10T19:46:46.575Z","dateUpdated":"2025-04-09T15:19:17.090Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","packageName":"AGESA","platforms":["x86"],"product":"Ryzen 5000 Series ","vendor":" AMD","versions":[{"status":"affected","version":"various "}]},{"defaultStatus":"unaffected","packageName":"AGESA","platforms":["x86"],"product":"Ryzen 2000 Series","vendor":" AMD","versions":[{"status":"affected","version":"various "}]},{"defaultStatus":"unaffected","packageName":"AGESA","platforms":["x86"],"product":"Ryzen 3000 Series","vendor":"AMD","versions":[{"status":"affected","version":"various "}]},{"defaultStatus":"unaffected","packageName":"AGESA ","platforms":["x86"],"product":"1st Gen EPYC ","vendor":"AMD","versions":[{"status":"affected","version":"various "}]},{"defaultStatus":"unaffected","packageName":"AGESA","platforms":["x86"],"product":"2nd Gen EPYC","vendor":"AMD","versions":[{"status":"affected","version":"Various "}]},{"defaultStatus":"unaffected","packageName":"AGESA","platforms":["x86"],"product":"3rd Gen EPYC","vendor":"AMD","versions":[{"status":"affected","version":"various "}]}],"datePublic":"2023-01-10T17:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."}],"value":"Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."}],"providerMetadata":{"orgId":"b58fc414-a1e4-4f92-9d70-1add41838648","shortName":"AMD","dateUpdated":"2023-01-11T07:01:59.843Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"},{"tags":["vendor-advisory"],"url":"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}],"source":{"advisory":"AMD-SB-1031, AMD-SB-1032","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"},"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T20:19:20.402Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"},{"tags":["vendor-advisory","x_transferred"],"url":"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-20","lang":"en","description":"CWE-20 Improper Input Validation"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-09T15:18:38.823141Z","id":"CVE-2021-26316","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-09T15:19:17.090Z"}}]}}