CVE-2021-26367 — AMD Athlon Gold 3150c Firmware vulnerability

3 documents3 sources

Severity

6.0MEDIUMNVD

CNA5.7

EPSS

0.0%

top 89.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon Gold 3150c Firmware AMD Athlon Gold 3150g Firmware AMD Athlon Gold 3150u Firmware +33 more

Timeline

PublishedAug 13

Description

A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages36 packages

▶NVDamd/radeon_software< 23.12.1+1

▶NVDamd/ryzen_3_3300u_firmware< picassopi-fp5_1.0.0.e

▶NVDamd/ryzen_3_3350u_firmware< picassopi-fp5_1.0.0.e

▶NVDamd/ryzen_3_4300g_firmware< comboam4v2_pi_1.2.0.5

▶NVDamd/ryzen_3_5300g_firmware< comboam4v2_pi_1.2.0.5

🔴Vulnerability Details

CVEList

CVE-2021-26367: A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the↗2024-08-13

▶

GHSA

GHSA-2xq4-823c-q5v9: A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the↗2024-08-13

▶