Root Account Privileges Allow Unauthorized Firmware Loading into ACP, Leading to Denial of Service

Root Account Privileges Allow Unauthorized Firmware Loading into ACP, Leading to Denial of Service

CVE-2021-26382 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.

Learn more about our Web Application Penetration Testing UK.