CVE-2021-26391

Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AMDCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
amdenterprise_driver
𝑥
< 22.10.20
amdradeon_pro_software
𝑥
< 22.q2
amdradeon_software
𝑥
< 22.5.2
amdradeon_rx_vega_56_firmware
-
amdradeon_rx_vega_64_firmware
-
amdryzen_3_5300ge_firmware
-
amdryzen_3_5300g_firmware
-
amdryzen_5_5600ge_firmware
-
amdryzen_5_5600g_firmware
-
amdryzen_7_5700ge_firmware
-
amdryzen_7_5700g_firmware
-
amdryzen_3_5300u_firmware
-
amdryzen_5_5500u_firmware
-
amdryzen_7_5700u_firmware
-
amdryzen_3_5400u_firmware
-
amdryzen_5_5560u_firmware
-
amdryzen_5_5600u_firmware
-
amdryzen_5_5600h_firmware
-
amdryzen_5_5600hs_firmware
-
amdryzen_7_5800u_firmware
-
amdryzen_7_5800h_firmware
-
amdryzen_7_5800hs_firmware
-
amdryzen_9_5900hs_firmware
-
amdryzen_9_5900hx_firmware
-
amdryzen_9_5980hs_firmware
-
amdryzen_9_5980hx_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029