Vulnerability Details: CVE-2021-26393
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Products affected by CVE-2021-26393
- cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*
- cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_2200u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_2300u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2500u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2600h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_2700u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_2800h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_gold_3150u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_silver_3050u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5300ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5560u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3250u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5300u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5500u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:amd:enterprise_driver:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:radeon_rx_vega_56_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:radeon_rx_vega_64_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_2200ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_2200g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2400ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_2400g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_silver_3050e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_pro_3045b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_silver_3050c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_pro_3145b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_gold_3150c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3250c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:amd_3020e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:amd_3015e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:amd_3015ce_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26393
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~12% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-26393
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2021-26393
- The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-26393
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029 (Vendor Advisory)
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001