CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AMDCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
amdenterprise_driver
𝑥
< 22.10.20
amdradeon_pro_software
𝑥
< 22.q2
amdradeon_software
𝑥
< 22.5.2
amdradeon_rx_vega_56_firmware
-
amdradeon_rx_vega_64_firmware
-
amdryzen_3_2200ge_firmware
-
amdryzen_3_2200g_firmware
-
amdryzen_5_2400ge_firmware
-
amdryzen_5_2400g_firmware
-
amdryzen_3_5300ge_firmware
-
amdryzen_3_5300g_firmware
-
amdryzen_5_5600ge_firmware
-
amdryzen_5_5600g_firmware
-
amdryzen_7_5700ge_firmware
-
amdryzen_7_5700g_firmware
-
amdathlon_silver_3050e_firmware
-
amdathlon_pro_3045b_firmware
-
amdathlon_silver_3050u_firmware
-
amdathlon_silver_3050c_firmware
-
amdathlon_pro_3145b_firmware
-
amdathlon_gold_3150u_firmware
-
amdathlon_gold_3150c_firmware
-
amdryzen_3_3250u_firmware
-
amdryzen_3_3250c_firmware
-
amdamd_3020e_firmware
-
amdamd_3015e_firmware
-
amdamd_3015ce_firmware
-
amdryzen_3_2200u_firmware
-
amdryzen_3_2300u_firmware
-
amdryzen_5_2500u_firmware
-
amdryzen_5_2600h_firmware
-
amdryzen_7_2700u_firmware
-
amdryzen_7_2800h_firmware
-
amdryzen_3_3300u_firmware
-
amdryzen_3_3350u_firmware
-
amdryzen_5_3450u_firmware
-
amdryzen_5_3500u_firmware
-
amdryzen_5_3500c_firmware
-
amdryzen_5_3550h_firmware
-
amdryzen_5_3580u_firmware
-
amdryzen_7_3700u_firmware
-
amdryzen_7_3700c_firmware
-
amdryzen_7_3750h_firmware
-
amdryzen_7_3780u_firmware
-
amdryzen_3_pro_3200ge_firmware
-
amdryzen_3_3200g_firmware
-
amdryzen_3_pro_3200g_firmware
-
amdryzen_5_pro_3350ge_firmware
-
amdryzen_5_pro_3350g_firmware
-
amdryzen_5_pro_3400ge_firmware
-
amdryzen_5_pro_3400g_firmware
-
amdryzen_5_3400g_firmware
-
amdryzen_3_5300u_firmware
-
amdryzen_5_5500u_firmware
-
amdryzen_7_5700u_firmware
-
amdryzen_3_5400u_firmware
-
amdryzen_5_5560u_firmware
-
amdryzen_5_5600u_firmware
-
amdryzen_5_5600h_firmware
-
amdryzen_5_5600hs_firmware
-
amdryzen_7_5800u_firmware
-
amdryzen_7_5800h_firmware
-
amdryzen_7_5800hs_firmware
-
amdryzen_9_5900hs_firmware
-
amdryzen_9_5900hx_firmware
-
amdryzen_9_5980hs_firmware
-
amdryzen_9_5980hx_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001