CVE & CISA-KEV Catalog

CVE-2021-26365

HIGH
8.2
CVSS v3
NVD

Description

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

How to fix

Remediation Available
amd 3015ce firmwareNVD
Affected:< pollockpi-ft5_1.0.0.3Fixed in:pollockpi-ft5_1.0.0.3CVE-2021-26365derived from NVD
amd 3015e firmwareNVD
Affected:< pollockpi-ft5_1.0.0.3Fixed in:pollockpi-ft5_1.0.0.3CVE-2021-26365derived from NVD
ryzen 3 3200u firmwareNVD
Affected:< picassopi-fp5_1.0.0.dFixed in:picassopi-fp5_1.0.0.dCVE-2021-26365derived from NVD
ryzen 3 3250c firmwareNVD
Affected:< picassopi-fp5_1.0.0.dFixed in:picassopi-fp5_1.0.0.dCVE-2021-26365derived from NVD
ryzen 3 3250u firmwareNVD
Affected:< picassopi-fp5_1.0.0.dFixed in:picassopi-fp5_1.0.0.dCVE-2021-26365derived from NVD
ryzen 3 5300g firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 3 5300ge firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 3 5300u firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 5 5500u firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 5 5600g firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 5 5600ge firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 5 6600h firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 5 6600hs firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 5 6600u firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 7 5700g firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 7 5700ge firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 7 5700u firmwareNVD
Affected:< cezannepi-fp6_1.0.0.8Fixed in:cezannepi-fp6_1.0.0.8CVE-2021-26365derived from NVD
ryzen 7 6800h firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 7 6800hs firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 7 6800u firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 9 6900hs firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 9 6900hx firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 9 6980hs firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD
ryzen 9 6980hx firmwareNVD
Affected:< rmb_1.0.0.4Fixed in:rmb_1.0.0.4CVE-2021-26365derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Exploit Intelligence

0.57%probability of exploitation in 30 days
43rdpercentile

Moderate risk: more likely to be exploited than 43% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-125 (Out-of-bounds Read) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2014-0160High7.5100%KEVFix
CVE-2025-5777High7.5100%KEV + RansomFix
CVE-2021-4034High7.895%KEVFix
CVE-2023-21769High7.592%-Fix
CVE-2023-49285High8.689%-Fix
CVE-2020-8794Critical9.889%-Fix
Embed a live status badge for CVE-2021-26365
CVE-2021-26365 severity badge

Markdown

[![CVE-2021-26365](https://tridentstack.com/cve/badge/CVE-2021-26365.svg)](https://tridentstack.com/cve/CVE-2021-26365)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-26365"><img src="https://tridentstack.com/cve/badge/CVE-2021-26365.svg" alt="CVE-2021-26365"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-01-28.