CVE-2021-26383

Summary

Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.6unaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 PI 1.2.0.5unaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.6unaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 PI 1.2.0.5unaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.7unaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.6unaffected
AMDAMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 23.2.1 (22.40.01.45)unaffected
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 23.2.1 (22.40.01.45)unaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: PRO Edition 23.Q1 (22.40.37.05)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 23.Q1 (22.40.37.05)unaffected
AMDAMD Instinct™ MI210ROCm 6.4unaffected
AMDAMD Instinct™ MI250ROCm 6.4unaffected
AMDAMD Radeon™ PRO V520 Graphics ProductsContact your AMD Customer Engineering representativeunaffected
AMDAMD Radeon™ PRO V620 Graphics ProductsContact your AMD Customer Engineering representativeunaffected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References