Vulnerability Name:

CVE-2021-26362 (CCN-226466)

Assigned:2021-01-29
Published:2022-05-10
Updated:2022-06-08
Summary:A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability.
CVSS v3 Severity:7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): Complete
5.5 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2021-26362

Source: XF
Type: UNKNOWN
amd-cve202126362-sec-bypass(226466)

Source: CCN
Type: AMD-SB-1027
AMD Client Vulnerabilities - May 2022

Source: MISC
Type: Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Vulnerable Configuration:Configuration 1:
  • cpe:/a:amd:radeon_software:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:amd:ryzen_3_2200u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_2200u:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:amd:ryzen_3_2300u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_2300u:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5125c:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5400u:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:amd:athlon_3050ge_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:athlon_3050ge:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:amd:athlon_3150ge_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:athlon_3150ge:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:amd:athlon_3150g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:athlon_3150g:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5425c:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:amd:ryzen_3_5425u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5425u:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:amd:ryzen_5_2500u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_2500u:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:amd:ryzen_5_2600_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_2600:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:amd:ryzen_5_2600h_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_2600h:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:amd:ryzen_5_2600x_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_2600x:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:amd:ryzen_5_5560u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5560u:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600h:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600hs:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600u:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*

    • Configuration 20:
  • cpe:/o:amd:ryzen_5_5625c_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5625c:-:*:*:*:*:*:*:*

    • Configuration 21:
  • cpe:/o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5625u:-:*:*:*:*:*:*:*

    • Configuration 22:
  • cpe:/o:amd:ryzen_5_5700g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5700g:-:*:*:*:*:*:*:*

    • Configuration 23:
  • cpe:/o:amd:ryzen_5_5700ge_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5700ge:-:*:*:*:*:*:*:*

    • Configuration 24:
  • cpe:/o:amd:ryzen_7_2700u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_2700u:-:*:*:*:*:*:*:*

    • Configuration 25:
  • cpe:/o:amd:ryzen_7_2700_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_2700:-:*:*:*:*:*:*:*

    • Configuration 26:
  • cpe:/o:amd:ryzen_7_2700x_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*

    • Configuration 27:
  • cpe:/o:amd:ryzen_7_2800h_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_2800h:-:*:*:*:*:*:*:*

    • Configuration 28:
  • cpe:/o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5800h:-:*:*:*:*:*:*:*

    • Configuration 29:
  • cpe:/o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5800hs:-:*:*:*:*:*:*:*

    • Configuration 30:
  • cpe:/o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5800u:-:*:*:*:*:*:*:*

    • Configuration 31:
  • cpe:/o:amd:ryzen_7_5825c_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5825c:-:*:*:*:*:*:*:*

    • Configuration 32:
  • cpe:/o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5825u:-:*:*:*:*:*:*:*

    • Configuration 33:
  • cpe:/o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5980hx:-:*:*:*:*:*:*:*

    • Configuration 34:
  • cpe:/o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5980hs:-:*:*:*:*:*:*:*

    • Configuration 35:
  • cpe:/o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5900hx:-:*:*:*:*:*:*:*

    • Configuration 36:
  • cpe:/o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5900hs:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    amd radeon software -
    amd ryzen 3 2200u firmware -
    amd ryzen 3 2200u -
    amd ryzen 3 2300u firmware -
    amd ryzen 3 2300u -
    amd ryzen 3 5125c firmware -
    amd ryzen 3 5125c -
    amd ryzen 3 5400u firmware -
    amd ryzen 3 5400u -
    amd athlon 3050ge firmware -
    amd athlon 3050ge -
    amd athlon 3150ge firmware -
    amd athlon 3150ge -
    amd athlon 3150g firmware -
    amd athlon 3150g -
    amd ryzen 3 5425c firmware -
    amd ryzen 3 5425c -
    amd ryzen 3 5425u firmware -
    amd ryzen 3 5425u -
    amd ryzen 5 2500u firmware -
    amd ryzen 5 2500u -
    amd ryzen 5 2600 firmware -
    amd ryzen 5 2600 -
    amd ryzen 5 2600h firmware -
    amd ryzen 5 2600h -
    amd ryzen 5 2600x firmware -
    amd ryzen 5 2600x -
    amd ryzen 5 5560u firmware -
    amd ryzen 5 5560u -
    amd ryzen 5 5600h firmware -
    amd ryzen 5 5600h -
    amd ryzen 5 5600hs firmware -
    amd ryzen 5 5600hs -
    amd ryzen 5 5600u firmware -
    amd ryzen 5 5600u -
    amd ryzen 5 5600x firmware -
    amd ryzen 5 5600x -
    amd ryzen 5 5625c firmware -
    amd ryzen 5 5625c -
    amd ryzen 5 5625u firmware -
    amd ryzen 5 5625u -
    amd ryzen 5 5700g firmware -
    amd ryzen 5 5700g -
    amd ryzen 5 5700ge firmware -
    amd ryzen 5 5700ge -
    amd ryzen 7 2700u firmware -
    amd ryzen 7 2700u -
    amd ryzen 7 2700 firmware -
    amd ryzen 7 2700 -
    amd ryzen 7 2700x firmware -
    amd ryzen 7 2700x -
    amd ryzen 7 2800h firmware -
    amd ryzen 7 2800h -
    amd ryzen 7 5800h firmware -
    amd ryzen 7 5800h -
    amd ryzen 7 5800hs firmware -
    amd ryzen 7 5800hs -
    amd ryzen 7 5800u firmware -
    amd ryzen 7 5800u -
    amd ryzen 7 5825c firmware -
    amd ryzen 7 5825c -
    amd ryzen 7 5825u firmware -
    amd ryzen 7 5825u -
    amd ryzen 9 5980hx firmware -
    amd ryzen 9 5980hx -
    amd ryzen 9 5980hs firmware -
    amd ryzen 9 5980hs -
    amd ryzen 9 5900hx firmware -
    amd ryzen 9 5900hx -
    amd ryzen 9 5900hs firmware -
    amd ryzen 9 5900hs -