CVE-2021-26393

5.5MEDIUM

Key Information:

Vendor
Amd
Status
Amd Radeon Rx 5000 Series & Pro W5000 Series
Amd Radeon Rx 6000 Series & Pro W6000 Series
Amd Ryzen™ Embedded R1000
Amd Ryzen™ Embedded R2000
Vendor
CVE Published:
9 November 2022

Summary

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Affected Version(s)

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Software < 22.5.2

AMD Radeon RX 5000 Series & PRO W5000 Series AMD Radeon Pro Software Enterprise < 22.Q2

AMD Radeon RX 5000 Series & PRO W5000 Series Enterprise Driver < 22.10.20

References

https://www.amd.com/en/corporate/product-security/bulleti...
https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.