CVE-2021-26344

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

Published: 2024-08-13 Last update: 2025-03-18 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-26344 is rated Low Risk (30.9/100): CVSS High severity, with low exploitation likelihood (EPSS 0.16%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-26344

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.05% 0.16% +0.11%
2 2025-09-27 0.04% 0.05% +0.01%
3 2024-08-14 0.04%

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-26344

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.2 3.1 HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 0.6 6.0 [email protected]
8.2 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.5 6.0 [email protected]

Weakness enumeration for CVE-2021-26344

Affected software / configurations for CVE-2021-26344

Vendor Product Version Raw CPE
amd epyc_7203_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7203_firmware:*:*:*:*:*:*:*:*
amd epyc_7203p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7203p_firmware:*:*:*:*:*:*:*:*
amd epyc_72f3_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*
amd epyc_7303_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7303_firmware:*:*:*:*:*:*:*:*
amd epyc_7303p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7303p_firmware:*:*:*:*:*:*:*:*
amd epyc_7313_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*
amd epyc_7313p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*
amd epyc_7343_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*
amd epyc_73f3_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*
amd epyc_7373x_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*
amd epyc_7413_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*
amd epyc_7443_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*
amd epyc_7443p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*
amd epyc_74f3_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*
amd epyc_7453_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*
amd epyc_7473x_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*
amd epyc_7513_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*
amd epyc_7543_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*
amd epyc_7543p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*
amd epyc_75f3_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*
amd epyc_7573x_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*
amd epyc_7643_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*
amd epyc_7773x_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*
amd epyc_7643p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7643p_firmware:*:*:*:*:*:*:*:*
amd epyc_7663_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*
amd epyc_7663p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7663p_firmware:*:*:*:*:*:*:*:*
amd epyc_7713_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*
amd epyc_7713p_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*
amd epyc_7763_firmware < milanpi_1.0.0.5 cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*
amd epyc_7h12_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7h12_firmware:*:*:*:*:*:*:*:*
amd epyc_7f72_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7f72_firmware:*:*:*:*:*:*:*:*
amd epyc_7f52_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7f52_firmware:*:*:*:*:*:*:*:*
amd epyc_7f32_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7f32_firmware:*:*:*:*:*:*:*:*
amd epyc_7742_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7742_firmware:*:*:*:*:*:*:*:*
amd epyc_7702p_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7702p_firmware:*:*:*:*:*:*:*:*
amd epyc_7702_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7702_firmware:*:*:*:*:*:*:*:*
amd epyc_7662_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7662_firmware:*:*:*:*:*:*:*:*
amd epyc_7642_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7642_firmware:*:*:*:*:*:*:*:*
amd epyc_7552_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7552_firmware:*:*:*:*:*:*:*:*
amd epyc_7542_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7542_firmware:*:*:*:*:*:*:*:*
amd epyc_7532_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7532_firmware:*:*:*:*:*:*:*:*
amd epyc_7502p_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7502p_firmware:*:*:*:*:*:*:*:*
amd epyc_7502_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7502_firmware:*:*:*:*:*:*:*:*
amd epyc_7452_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7452_firmware:*:*:*:*:*:*:*:*
amd epyc_7402p_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7402p_firmware:*:*:*:*:*:*:*:*
amd epyc_7402_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7402_firmware:*:*:*:*:*:*:*:*
amd epyc_7352_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7352_firmware:*:*:*:*:*:*:*:*
amd epyc_7302p_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7302p_firmware:*:*:*:*:*:*:*:*
amd epyc_7302_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7302_firmware:*:*:*:*:*:*:*:*
amd epyc_7282_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7282_firmware:*:*:*:*:*:*:*:*
amd epyc_7272_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7272_firmware:*:*:*:*:*:*:*:*
amd epyc_7262_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:*
amd epyc_7252_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:*
amd epyc_7232p_firmware < romepi_1.0.0.c cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:*
amd epyc_7601_firmware cpe:2.3:o:amd:epyc_7601_firmware:-:*:*:*:*:*:*:*
amd epyc_7551p_firmware cpe:2.3:o:amd:epyc_7551p_firmware:-:*:*:*:*:*:*:*
amd epyc_7551_firmware cpe:2.3:o:amd:epyc_7551_firmware:-:*:*:*:*:*:*:*
amd epyc_7501_firmware cpe:2.3:o:amd:epyc_7501_firmware:-:*:*:*:*:*:*:*
amd epyc_7451_firmware cpe:2.3:o:amd:epyc_7451_firmware:-:*:*:*:*:*:*:*
amd epyc_7401p_firmware cpe:2.3:o:amd:epyc_7401p_firmware:-:*:*:*:*:*:*:*
amd epyc_7401_firmware cpe:2.3:o:amd:epyc_7401_firmware:-:*:*:*:*:*:*:*
amd epyc_7371_firmware cpe:2.3:o:amd:epyc_7371_firmware:-:*:*:*:*:*:*:*
amd epyc_7351p_firmware cpe:2.3:o:amd:epyc_7351p_firmware:-:*:*:*:*:*:*:*
amd epyc_7351_firmware cpe:2.3:o:amd:epyc_7351_firmware:-:*:*:*:*:*:*:*
amd epyc_7301_firmware cpe:2.3:o:amd:epyc_7301_firmware:-:*:*:*:*:*:*:*
amd epyc_7281_firmware cpe:2.3:o:amd:epyc_7281_firmware:-:*:*:*:*:*:*:*
amd epyc_7261_firmware cpe:2.3:o:amd:epyc_7261_firmware:-:*:*:*:*:*:*:*
amd epyc_7251_firmware cpe:2.3:o:amd:epyc_7251_firmware:-:*:*:*:*:*:*:*
amd epyc_7001_firmware cpe:2.3:o:amd:epyc_7001_firmware:-:*:*:*:*:*:*:*

References for CVE-2021-26344

cvelogic Threat Intelligence