CVE-2021-26393
published 2022-11-09CVE-2021-26393: Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amd | amd_radeon_rx_5000_series_pro_w5000_series | >= AMD Radeon Pro Software Enterprise < 22.Q2 | 22.Q2 |
| amd | amd_radeon_rx_5000_series_pro_w5000_series | >= AMD Radeon Software < 22.5.2 | 22.5.2 |
| amd | amd_radeon_rx_5000_series_pro_w5000_series | >= Enterprise Driver < 22.10.20 | 22.10.20 |
| amd | amd_radeon_rx_6000_series_pro_w6000_series | >= AMD Radeon Pro Software Enterprise < 22.Q2 | 22.Q2 |
| amd | amd_radeon_rx_6000_series_pro_w6000_series | >= AMD Radeon Software < 22.5.2 | 22.5.2 |
| amd | amd_radeon_rx_6000_series_pro_w6000_series | >= Enterprise Driver < 22.10.20 | 22.10.20 |
| amd | amd_ryzen_embedded_r1000 | — | — |
| amd | amd_ryzen_embedded_r2000 | — | — |
| amd | amd_ryzen_embedded_v1000 | — | — |
| amd | amd_ryzen_embedded_v2000 | — | — |
| amd | enterprise_driver | < 22.10.20 | 22.10.20 |
| amd | radeon_pro_software | < 22.q2 | 22.q2 |
| amd | radeon_software | < 22.5.2 | 22.5.2 |