CVE-2021-26393

Published: Nov 9, 2022

Modified: Sep 16, 2024

PUBLISHED

Description

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Vendor	Product	Versions
AMD	AMD Radeon RX 5000 Series & PRO W5000 Series	affected `AMD Radeon Software - < 22.5.2` affected `AMD Radeon Pro Software Enterprise - < 22.Q2` affected `Enterprise Driver - < 22.10.20`
AMD	AMD Radeon RX 6000 Series & PRO W6000 Series	affected `AMD Radeon Software - < 22.5.2` affected `AMD Radeon Pro Software Enterprise - < 22.Q2` affected `Enterprise Driver - < 22.10.20`
AMD	AMD Ryzen™ Embedded R1000	affected `various`
AMD	AMD Ryzen™ Embedded R2000	affected `various`
AMD	AMD Ryzen™ Embedded V1000	affected `various`
AMD	AMD Ryzen™ Embedded V2000	affected `various`

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-26393

Description

Affected Products

References