Insufficient Memory Cleanup in AMD Secure Processor Affects Data Confidentiality
CVE-2021-26393

5.5MEDIUM

Key Information:

Vendor
Amd
Status
Amd Radeon Rx 5000 Series & Pro W5000 Series
Amd Radeon Rx 6000 Series & Pro W6000 Series
Amd Ryzen™ Embedded R1000
Amd Ryzen™ Embedded R2000
Vendor
CVE Published:
9 November 2022

Summary

The AMD Secure Processor (ASP) is susceptible to a vulnerability due to insufficient memory cleanup in its Trusted Execution Environment (TEE). This flaw could allow an authenticated attacker with appropriate privileges to create a valid signed Trusted Application (TA). By exploiting this, the attacker can manipulate the process memory, potentially injecting malicious data and compromising confidentiality.

Affected Version(s)

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Software < 22.5.2

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Pro Software Enterprise < 22.Q2

AMD Radeon RX 5000 Series & PRO W5000 Series Enterprise Driver < 22.10.20

References

https://www.amd.com/en/corporate/product-security/bulleti...
https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.