CVE-2021-26393

moderate-risk

Published 2022-11-09

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Enterprise Driver

Radeon Pro Software

Radeon Software

Radeon Rx Vega 56 Firmware

Radeon Rx Vega 64 Firmware

Ryzen 3 2200Ge Firmware

Ryzen 3 2200G Firmware

Ryzen 5 2400Ge Firmware

Ryzen 5 2400G Firmware

Ryzen 3 5300Ge Firmware

Ryzen 3 5300G Firmware

Ryzen 5 5600Ge Firmware

Ryzen 5 5600G Firmware

Ryzen 7 5700Ge Firmware

Ryzen 7 5700G Firmware

Athlon Silver 3050E Firmware

Athlon Pro 3045B Firmware

Athlon Silver 3050U Firmware

Athlon Silver 3050C Firmware

Athlon Pro 3145B Firmware

Affected Vendors

Amd

References (4)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 27/34 · High