Lucene search

[email protected]CVE-2021-26393

HistoryNov 09, 2022 - 9:15 p.m.

CVE-2021-26393

2022-11-0921:15:00

CWE-401

[email protected]

web.nvd.nist.gov

amd

secure processor

trusted execution environment

cve-2021-26393

memory cleanup

authenticated attacker

confidentiality

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

CPENameOperatorVersion
amd:enterprise_driveramd enterprise driverlt22.10.20
amd:radeon_pro_softwareamd radeon pro softwarelt22.q2
amd:radeon_softwareamd radeon softwarelt22.5.2
amd:radeon_rx_vega_56_firmwareamd radeon rx vega 56 firmwareeq-
amd:radeon_rx_vega_64_firmwareamd radeon rx vega 64 firmwareeq-
amd:ryzen_3_2200ge_firmwareamd ryzen 3 2200ge firmwareeq-
amd:ryzen_3_2200g_firmwareamd ryzen 3 2200g firmwareeq-
amd:ryzen_5_2400ge_firmwareamd ryzen 5 2400ge firmwareeq-
amd:ryzen_5_2400g_firmwareamd ryzen 5 2400g firmwareeq-
amd:ryzen_3_5300ge_firmwareamd ryzen 3 5300ge firmwareeq-

CPE	Name	Operator	Version
amd:enterprise_driver	amd enterprise driver	lt	22.10.20
amd:radeon_pro_software	amd radeon pro software	lt	22.q2
amd:radeon_software	amd radeon software	lt	22.5.2
amd:radeon_rx_vega_56_firmware	amd radeon rx vega 56 firmware	eq	-
amd:radeon_rx_vega_64_firmware	amd radeon rx vega 64 firmware	eq	-
amd:ryzen_3_2200ge_firmware	amd ryzen 3 2200ge firmware	eq	-
amd:ryzen_3_2200g_firmware	amd ryzen 3 2200g firmware	eq	-
amd:ryzen_5_2400ge_firmware	amd ryzen 5 2400ge firmware	eq	-
amd:ryzen_5_2400g_firmware	amd ryzen 5 2400g firmware	eq	-
amd:ryzen_3_5300ge_firmware	amd ryzen 3 5300ge firmware	eq	-

Rows per page:

1-10 of 671

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2021-26393

prion1 redhatcve1 cvelist1 hp3 amd3