CVE-2021-26382

3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 85.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Ryzen 3 3200u Firmware AMD Ryzen 3 3250u Firmware AMD Ryzen 3 3300u Firmware +34 more

Timeline

PublishedJul 14

Latest updateJul 15

Description

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages37 packages

▶NVDamd/ryzen_3_3200u_firmware< renoirpi-fp6_1.0.0.7

▶NVDamd/ryzen_3_3250u_firmware< renoirpi-fp6_1.0.0.7

▶NVDamd/ryzen_3_3300u_firmware< renoirpi-fp6_1.0.0.7

▶NVDamd/ryzen_3_5125c_firmware< cezannepi-fp6_1.0.0.9

▶NVDamd/ryzen_3_5300g_firmware< comboam4_v2_pi_1.2.0.6c

🔴Vulnerability Details

GHSA

GHSA-w6fw-9866-83f5: An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respec↗2022-07-15

▶

CVEList

CVE-2021-26382: An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respec↗2022-07-14

▶