CVE-2021-26363

moderate-risk

Published 2022-05-12

A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Radeon Software

Ryzen 3 3100 Firmware

Ryzen 3 3300G Firmware

Ryzen 3 3300X Firmware

Ryzen 3 5400U Firmware

Ryzen 9 5900Hs Firmware

Ryzen 9 5900Hx Firmware

Ryzen 9 5980Hs Firmware

Ryzen 9 5980Hx Firmware

Ryzen 3 5125C Firmware

Ryzen 3 5425C Firmware

Ryzen 7 3700X Firmware

Ryzen 9 3900X Firmware

Ryzen 9 3950X Firmware

Ryzen 7 3800X Firmware

Ryzen 3 5425U Firmware

Ryzen 5 3400G Firmware

Ryzen 7 5800H Firmware

Ryzen 7 5800Hs Firmware

Ryzen 7 5800U Firmware

Affected Vendors

Amd

References (2)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

/ 100

moderate-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 23/34 · High