TOCTOU Vulnerability in ASP Bootloader: Potential for S3 Data Corruption and Information Disclosure

TOCTOU Vulnerability in ASP Bootloader: Potential for S3 Data Corruption and Information Disclosure

CVE-2021-26356 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.

Learn more about our Web Application Penetration Testing UK.