Out-of-bounds Write Vulnerability in AMD Product
CVE-2021-26392

7.8HIGH

Key Information:

Vendor: Amd
Status: Amd Radeon Rx 5000 Series & Pro W5000 Series; Amd Radeon Rx 6000 Series & Pro W6000 Series; Amd Ryzen™ Embedded R1000; Amd Ryzen™ Embedded R2000
Vendor: CVE Published:; 9 November 2022

Summary

The vulnerability arises from insufficient verification of size checks in the 'LoadModule' functionality, which may permit an out-of-bounds write. This flaw could potentially allow an attacker with appropriate privileges to execute code at the OS or kernel level by loading a malicious Trusted Application (TA), raising significant security concerns for affected AMD products.

Affected Version(s)

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Software < 22.5.2

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Pro Software Enterprise < 22.Q2

AMD Radeon RX 5000 Series & PRO W5000 Series Enterprise Driver < 22.10.20

References

https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2022
Vulnerability Reserved
Jan 29, 2021