Vulnerability Details : CVE-2021-26367
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
Products affected by CVE-2021-26367
- cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*
- cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*
- cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_pro_300ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_4700g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_4700ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_4600g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_4600ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_4300g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_4300ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_gold_3150u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_silver_3050u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5980hx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5300g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5300ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600ge_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3750h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3550h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3350u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3580u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3780u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_silver_3050e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_pro_3045b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_silver_3050c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_pro_3145b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_gold_3150c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3450u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_gold_3150g_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26367
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26367
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
N/A
|
N/A
|
Advanced Micro Devices Inc. | 2024-08-13 |
|
6.0
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
0.8
|
5.2
|
NIST | 2024-12-12 |
|
5.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
0.5
|
5.2
|
Advanced Micro Devices Inc. | 2024-08-13 |
References for CVE-2021-26367
-
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html
Client Vulnerabilities – Aug 2024Vendor Advisory
-
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html
AMD Graphics Driver Vulnerabilities – August 2024Vendor Advisory
Jump to