CVE-2021-26360

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization8 documents8 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD AMD Radeon RX 6000 Series & PRO W6000 Series AMD Enterprise Driver AMD Radeon PRO Software +1 more

Timeline

PublishedNov 9

Latest updateMar 11

Description

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDamd/radeon_software< 22.5.2

▶NVDamd/enterprise_driver< 22.10.20

▶NVDamd/radeon_pro_software< 22.q2

▶CVEListV5amd/amd_radeon_rx_6000_series_&_pro_w6000_seriesAMD Radeon Software — 22.5.2+2

🔴Vulnerability Details

GHSA

GHSA-5v6h-fqxx-8wv5: An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers↗2023-07-06

▶

CVEList

CVE-2021-26360: An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers↗2022-11-09

▶

💥Exploits & PoCs

Exploit-DB

Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read↗2024-03-11

▶

Nuclei

Adobe ColdFusion - Local File Read

▶

📋Vendor Advisories

Red Hat

hw: amd: Unauthorized modifications of the security configuration of the SOC registers↗2022-11-08

▶

🕵️Threat Intelligence

Bleepingcomputer

Hackers breach US govt agencies using Adobe ColdFusion exploit↗2023-12-05

▶

💬Community

HackerOne

Unauthenticated File Read Adobe ColdFusion↗2023-12-21

▶