CVE-2021-26410

Summary

Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 PI 1.2.0.5+ iGPU Driver Updateunaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.8unaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.8unaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.8unaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 PI 1.2.0.5unaffected
AMDAMD Ryzen™ Embedded R1000 Series ProcessorsEmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded R2000 Series ProcessorsEmbeddedR2KPI-FP5_1.0.0.2unaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Raven Ridge”)EmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Picasso”)EmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.6unaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbeddedPI-FP7r2_1.0.0.0unaffected
AMDAMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10), Radeon Software For Linux (25.10.1)unaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10), Radeon Software For Linux (25.10.1)unaffected
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10), Radeon Software For Linux (25.10.1)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10), Radeon Software For Linux (25.10.1)unaffected
AMDAMD Radeon™ PRO V520Contact your AMD Customer Engineering representativeunaffected
AMDAMD Radeon™ PRO V620Contact your AMD Customer Engineering representativeunaffected

Weaknesses

  • CWE-822: CWE-822 Untrusted Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References