Vulnerability Details : CVE-2021-26368
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2021-26368
- cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5950x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5800x3d_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5900x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5800x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5600x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5700g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5600g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5700ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5600ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5300g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_2700x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_2700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2600x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2600_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_2200u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_2300u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2500u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2600h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_2700u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_2800h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5425u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5700g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5700ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3450g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5825c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5625c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5560u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26368
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26368
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
0.8
|
3.6
|
NIST |
CWE ids for CVE-2021-26368
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-26368
-
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027
AMD Client Vulnerabilities – May 2022 | AMDVendor Advisory
Jump to