CVE-2021-26367

moderate-risk

Published 2024-08-13

A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.7/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Radeon Software

Ryzen 9 5980Hx Firmware

Ryzen 3 3300U Firmware

Ryzen 3 3350U Firmware

Ryzen 5 3450U Firmware

Ryzen 5 3500U Firmware

Ryzen 5 3500C Firmware

Ryzen 5 3550H Firmware

Ryzen 5 3580U Firmware

Ryzen 7 3700U Firmware

Ryzen 7 3700C Firmware

Ryzen 7 3750H Firmware

Ryzen 7 3780U Firmware

Athlon Gold 3150C Firmware

Athlon Gold 3150U Firmware

Athlon Pro 3145B Firmware

Athlon Silver 3050C Firmware

Athlon Silver 3050U Firmware

Athlon Pro 3045B Firmware

Affected Vendors

Amd

References (2)

Vendor Advisory https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html

Vendor Advisory https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html

/ 100

moderate-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 24/34 · High