Integer Overflow Vulnerability in AMD Trusted OS
CVE-2021-26377

4.1MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics; Amd Ryzen™ Threadripper™ 3000 Series Processors; Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors; Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 6 September 2025

What is CVE-2021-26377?

The vulnerability is due to insufficient parameter validation during process space allocation in AMD's Trusted OS. A malicious userspace process could exploit this weakness to trigger an integer overflow, potentially leading to a denial of service by disrupting the operating environment.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.E

AMD Radeon™ Instinct™ MI25 Graphics Products Contact your AMD Customer Engineering representative

AMD Radeon™ PRO V520 Graphics Products Contact your AMD Customer Engineering representative

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
Jan 29, 2021

Amd

What is CVE-2021-26377?

Affected Version(s)

References

CVSS V3.1

Timeline