Insufficient Memory Cleanup in AMD Secure Processor Affects Data Confidentiality
CVE-2021-26393

5.5MEDIUM

Key Information:

Vendor: Amd
Status: Amd Radeon Rx 5000 Series & Pro W5000 Series; Amd Radeon Rx 6000 Series & Pro W6000 Series; Amd Ryzen™ Embedded R1000; Amd Ryzen™ Embedded R2000
Vendor: CVE Published:; 9 November 2022

What is CVE-2021-26393?

The AMD Secure Processor (ASP) is susceptible to a vulnerability due to insufficient memory cleanup in its Trusted Execution Environment (TEE). This flaw could allow an authenticated attacker with appropriate privileges to create a valid signed Trusted Application (TA). By exploiting this, the attacker can manipulate the process memory, potentially injecting malicious data and compromising confidentiality.

Affected Version(s)

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Software < 22.5.2

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Pro Software Enterprise < 22.Q2

AMD Radeon RX 5000 Series & PRO W5000 Series Enterprise Driver < 22.10.20

References

https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2022
Vulnerability Reserved
Jan 29, 2021

Amd

What is CVE-2021-26393?

Affected Version(s)

References

CVSS V3.1

Timeline