CVE-2021-26392

high-risk

Published 2022-11-09

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Enterprise Driver

Radeon Pro Software

Radeon Software

Radeon Rx Vega 56 Firmware

Radeon Rx Vega 64 Firmware

Ryzen 3 2200Ge Firmware

Ryzen 3 2200G Firmware

Ryzen 5 2400Ge Firmware

Ryzen 5 2400G Firmware

Ryzen 3 3100 Firmware

Ryzen 3 3300X Firmware

Ryzen 5 3500 Firmware

Ryzen 5 3500X Firmware

Ryzen 5 3600 Firmware

Ryzen 5 3600X Firmware

Ryzen 5 3600Xt Firmware

Ryzen 7 3700X Firmware

Ryzen 7 3800X Firmware

Ryzen 7 3800Xt Firmware

Ryzen 9 3900 Firmware

Affected Vendors

Amd

References (4)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

/ 100

high-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 30/34 · Critical