CVE-2021-26368Insufficient Verification of Data Authenticity in AMD Athlon Series

CWE-345Insufficient Verification of Data Authenticity3 documents3 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 94.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AMD Athlon SeriesAMD Ryzen Series
Timeline
PublishedMay 12
Latest updateMay 13

Description

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5amd/ryzen_seriesvarious
CVEListV5amd/athlon_seriesvarious

🔴Vulnerability Details

2
GHSA
GHSA-q98f-vpvc-2r7r: Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory2022-05-13
CVEList
CVE-2021-26368: Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory2022-05-12
CVE-2021-26368 — AMD Athlon Series vulnerability | cvebase