CVE-2021-26393

MEDIUM | CVSS 5.5/10 | EPSS 0.25%

Last modified

CVE-2021-26393 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.25%

15.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Amd | Enterprise Driver | < 22.10.20 |
| Amd | Radeon Pro Software | < 22.q2 |
| Amd | Radeon Software | < 22.5.2 |
| Amd | Radeon Rx Vega 56 Firmware | All versions |
| Amd | Radeon Rx Vega 64 Firmware | All versions |
| Amd | Ryzen 3 2200ge Firmware | All versions |
| Amd | Ryzen 3 2200g Firmware | All versions |
| Amd | Ryzen 5 2400ge Firmware | All versions |
| Amd | Ryzen 5 2400g Firmware | All versions |
| Amd | Ryzen 3 5300ge Firmware | All versions |
| Amd | Ryzen 3 5300g Firmware | All versions |
| Amd | Ryzen 5 5600ge Firmware | All versions |
| Amd | Ryzen 5 5600g Firmware | All versions |
| Amd | Ryzen 7 5700ge Firmware | All versions |
| Amd | Ryzen 7 5700g Firmware | All versions |
| Amd | Athlon Silver 3050e Firmware | All versions |
| Amd | Athlon Pro 3045b Firmware | All versions |
| Amd | Athlon Silver 3050u Firmware | All versions |
| Amd | Athlon Silver 3050c Firmware | All versions |
| Amd | Athlon Pro 3145b Firmware | All versions |
| Amd | Athlon Gold 3150u Firmware | All versions |
| Amd | Athlon Gold 3150c Firmware | All versions |
| Amd | Ryzen 3 3250u Firmware | All versions |
| Amd | Ryzen 3 3250c Firmware | All versions |
| Amd | Amd 3020e Firmware | All versions |
| Amd | Amd 3015e Firmware | All versions |
| Amd | Amd 3015ce Firmware | All versions |
| Amd | Ryzen 3 2200u Firmware | All versions |
| Amd | Ryzen 3 2300u Firmware | All versions |
| Amd | Ryzen 5 2500u Firmware | All versions |
| Amd | Ryzen 5 2600h Firmware | All versions |
| Amd | Ryzen 7 2700u Firmware | All versions |
| Amd | Ryzen 7 2800h Firmware | All versions |
| Amd | Ryzen 3 3300u Firmware | All versions |
| Amd | Ryzen 3 3350u Firmware | All versions |
| Amd | Ryzen 5 3450u Firmware | All versions |
| Amd | Ryzen 5 3500u Firmware | All versions |
| Amd | Ryzen 5 3500c Firmware | All versions |
| Amd | Ryzen 5 3550h Firmware | All versions |
| Amd | Ryzen 5 3580u Firmware | All versions |
| Amd | Ryzen 7 3700u Firmware | All versions |
| Amd | Ryzen 7 3700c Firmware | All versions |
| Amd | Ryzen 7 3750h Firmware | All versions |
| Amd | Ryzen 7 3780u Firmware | All versions |
| Amd | Ryzen 3 Pro 3200ge Firmware | All versions |
| Amd | Ryzen 3 3200g Firmware | All versions |
| Amd | Ryzen 3 Pro 3200g Firmware | All versions |
| Amd | Ryzen 5 Pro 3350ge Firmware | All versions |
| Amd | Ryzen 5 Pro 3350g Firmware | All versions |
| Amd | Ryzen 5 Pro 3400ge Firmware | All versions |

Showing 50 of 67 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-26393?
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
How severe is CVE-2021-26393?
CVE-2021-26393 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.
How do I fix CVE-2021-26393?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST