Vulnerability Name:

CVE-2021-26360 (CCN-239828)

Assigned:2021-01-29
Published:2022-11-08
Updated:2022-11-23
Summary:An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-863
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-26360

Source: XF
Type: UNKNOWN
amd-cve202126360-code-exec(239828)

Source: CCN
Type: AMD-SB-1029
AMD Graphics Driver Vulnerabilities - November 2022

Source: MISC
Type: Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

Vulnerable Configuration:Configuration 1:
  • cpe:/a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:* (Version < 22.q2)
  • OR cpe:/a:amd:radeon_software:*:*:*:*:*:*:*:* (Version < 22.5.2)
  • OR cpe:/a:amd:enterprise_driver:*:*:*:*:*:*:*:* (Version < 22.10.20)
  • AND
  • cpe:/h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    amd radeon pro software *
    amd radeon software *
    amd enterprise driver *
    amd radeon rx 6300m -
    amd radeon rx 6400 -
    amd radeon rx 6500m -
    amd radeon rx 6500 xt -
    amd radeon rx 6600s -
    amd radeon rx 6600m -
    amd radeon rx 6600 -
    amd radeon rx 6600 xt -
    amd radeon rx 6650m -
    amd radeon rx 6650m xt -
    amd radeon rx 6650 xt -
    amd radeon rx 6700s -
    amd radeon rx 6700m -
    amd radeon rx 6700 -
    amd radeon rx 6700 xt -
    amd radeon rx 6750 xt -
    amd radeon rx 6800s -
    amd radeon rx 6800m -
    amd radeon rx 6800 -
    amd radeon rx 6800 xt -
    amd radeon rx 6850m xt -
    amd radeon rx 6900 xt -
    amd radeon rx 6950 xt -
    amd radeon pro w6300m -
    amd radeon pro w6500m -
    amd radeon pro w6600m -
    amd radeon pro w6400 -
    amd radeon pro w6600 -
    amd radeon pro w6800 -
    amd radeon pro w6600x -
    amd radeon pro w6800x -
    amd radeon pro w6800x duo -
    amd radeon pro w6900x -