Lucene search

AMDVULNRICHMENT:CVE-2021-26367

HistoryAug 13, 2024 - 4:50 p.m.

CVE-2021-26367

2024-08-1316:50:05

AMD

github.com

x86

trusted memory regions

integrity

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.

CNA Affected

[
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "ComboAM4v2 PI 1.2.0.5"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "ComboAM4PI  1.0.0.9"
      },
      {
        "status": "unaffected",
        "version": "ComboAM4v2 PI 1.2.0.8"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "ComboAM4v2 PI 1.2.0.5"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "PicassoPI-FP5  1.0.0.E"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Athlon™ 3000 Series Mobile  Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "PollockPI-FT5  1.0.0.4"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "PicassoPI-FP5  1.0.0.E"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "RenoirPI-FP6  1.0.0.7"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "CezannePI-FP6 1.0.0.6"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "CezannePI-FP6 1.0.0.6"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "CezannePI-FP6 1.0.0.6"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "CezannePI-FP6 1.0.0.6"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics",
    "versions": [
      {
        "status": "unaffected",
        "version": "CezannePI-FP6 1.0.0.6"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Radeon™ RX 6000 Series Graphics Cards",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Radeon™ PRO W6000 Series Graphics Cards",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ Embedded R1000 Series Processors",
    "versions": [
      {
        "status": "unaffected",
        "version": "EmbeddedPI-FP5 1.2.0.A"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ Embedded R2000 Series Processors",
    "versions": [
      {
        "status": "unaffected",
        "version": "EmbeddedR2KPI-FP5 1.0.0.2"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ Embedded V1000 Series Processors",
    "versions": [
      {
        "status": "unaffected",
        "version": "EmbeddedPI-FP5 1.2.0.A"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Ryzen™ Embedded V2000 Series Processors",
    "versions": [
      {
        "status": "unaffected",
        "version": "EmbeddedPI-FP6 1.0.0.6"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html

www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2021-26367