CVE-2021-26381

Summary

Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.2/ CastlePeakWSPI-sWRX8 1.0.0.9unaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 PI 1.2.0.5unaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.1unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5 1.0.0.Eunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.8unaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4PI 1.0.0.9/ ComboAM4 V2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.8unaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 PI 1.2.0.5unaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4 V2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ Embedded R1000 Series ProcessorsEmbeddedPI-FP5 1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded R2000 Series ProcessorsEmbeddedR2KPI-FP5_1.0.0.2unaffected
AMDAMD Ryzen™ Embedded 5000 Series ProcessorsEmbAM4PI 1.0.0.2unaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Raven Ridge”)EmbeddedPI-FP5 1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Picasso”)120Aunaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.6unaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbeddedPI-FP7r2_0080unaffected
AMDAMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.4.1 (24.30.31.08), AMD Software: PRO Edition 25.Q2(25.10.10)unaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.4.1 (24.30.31.08), AMD Software: PRO Edition 25.Q2(25.10.10)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.4.1 (24.30.31.08), AMD Software: PRO Edition 25.Q2(25.10.10)unaffected
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.4.1 (24.30.31.08), AMD Software: PRO Edition 25.Q2(25.10.10)unaffected
AMDAMD Radeon™ PRO V520Contact Your AMD Customer Engineering Represenatativeunaffected
AMDAMD Radeon™ PRO V620Contact Your AMD Customer Engineering Represenatativeunaffected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References