Vulnerability Name:

CVE-2021-26391 (CCN-239829)

Assigned:2021-01-29
Published:2022-11-08
Updated:2022-11-23
Summary:Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-26391

Source: XF
Type: UNKNOWN
amd-cve202126391-code-exec(239829)

Source: CCN
Type: AMD-SB-1029
AMD Graphics Driver Vulnerabilities - November 2022

Source: MISC
Type: Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

Vulnerable Configuration:Configuration 1:
  • cpe:/a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:* (Version < 22.q2)
  • OR cpe:/a:amd:radeon_software:*:*:*:*:*:*:*:* (Version < 22.5.2)
  • OR cpe:/a:amd:enterprise_driver:*:*:*:*:*:*:*:* (Version < 22.10.20)
  • AND
  • cpe:/h:amd:radeon_rx_5300:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5500:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5600:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5700:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5300m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5500m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5600m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_5700m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*
  • OR cpe:/h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:amd:radeon_rx_vega_56_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:radeon_rx_vega_56:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:amd:radeon_rx_vega_64_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:radeon_rx_vega_64:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:amd:ryzen_3_5300ge_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:amd:ryzen_3_5300u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5300u:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:amd:ryzen_5_5500u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5500u:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:amd:ryzen_7_5700u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5700u:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_3_5400u:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:amd:ryzen_5_5560u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5560u:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600u:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600h:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_5_5600hs:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5800u:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5800h:-:*:*:*:*:*:*:*

    • Configuration 20:
  • cpe:/o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_7_5800hs:-:*:*:*:*:*:*:*

    • Configuration 21:
  • cpe:/o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5900hs:-:*:*:*:*:*:*:*

    • Configuration 22:
  • cpe:/o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5900hx:-:*:*:*:*:*:*:*

    • Configuration 23:
  • cpe:/o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5980hs:-:*:*:*:*:*:*:*

    • Configuration 24:
  • cpe:/o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:amd:ryzen_9_5980hx:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    amd radeon pro software *
    amd radeon software *
    amd enterprise driver *
    amd radeon rx 5300 -
    amd radeon rx 5300 xt -
    amd radeon rx 5500 -
    amd radeon rx 5500 xt -
    amd radeon rx 5600 -
    amd radeon rx 5600 xt -
    amd radeon rx 5700 -
    amd radeon rx 5700 xt -
    amd radeon rx 5300m -
    amd radeon pro w5500 -
    amd radeon pro w5500x -
    amd radeon pro w5700 -
    amd radeon pro w5700x -
    amd radeon rx 5500m -
    amd radeon rx 5600m -
    amd radeon rx 5700m -
    amd radeon rx 6300m -
    amd radeon rx 6400 -
    amd radeon rx 6500 xt -
    amd radeon rx 6500m -
    amd radeon rx 6600 -
    amd radeon rx 6600 xt -
    amd radeon rx 6600m -
    amd radeon rx 6600s -
    amd radeon rx 6650 xt -
    amd radeon rx 6650m -
    amd radeon rx 6650m xt -
    amd radeon pro w6300m -
    amd radeon pro w6400 -
    amd radeon pro w6500m -
    amd radeon pro w6600 -
    amd radeon pro w6600m -
    amd radeon pro w6600x -
    amd radeon pro w6800 -
    amd radeon pro w6800x -
    amd radeon pro w6800x duo -
    amd radeon pro w6900x -
    amd radeon rx 6700 -
    amd radeon rx 6700 xt -
    amd radeon rx 6700m -
    amd radeon rx 6700s -
    amd radeon rx 6750 xt -
    amd radeon rx 6800 -
    amd radeon rx 6800 xt -
    amd radeon rx 6800m -
    amd radeon rx 6800s -
    amd radeon rx 6850m xt -
    amd radeon rx 6900 xt -
    amd radeon rx 6950 xt -
    amd radeon rx vega 56 firmware -
    amd radeon rx vega 56 -
    amd radeon rx vega 64 firmware -
    amd radeon rx vega 64 -
    amd ryzen 3 5300ge firmware -
    amd ryzen 3 5300ge -
    amd ryzen 3 5300g firmware -
    amd ryzen 3 5300g -
    amd ryzen 5 5600ge firmware -
    amd ryzen 5 5600ge -
    amd ryzen 5 5600g firmware -
    amd ryzen 5 5600g -
    amd ryzen 7 5700ge firmware -
    amd ryzen 7 5700ge -
    amd ryzen 7 5700g firmware -
    amd ryzen 7 5700g -
    amd ryzen 3 5300u firmware -
    amd ryzen 3 5300u -
    amd ryzen 5 5500u firmware -
    amd ryzen 5 5500u -
    amd ryzen 7 5700u firmware -
    amd ryzen 7 5700u -
    amd ryzen 3 5400u firmware -
    amd ryzen 3 5400u -
    amd ryzen 5 5560u firmware -
    amd ryzen 5 5560u -
    amd ryzen 5 5600u firmware -
    amd ryzen 5 5600u -
    amd ryzen 5 5600h firmware -
    amd ryzen 5 5600h -
    amd ryzen 5 5600hs firmware -
    amd ryzen 5 5600hs -
    amd ryzen 7 5800u firmware -
    amd ryzen 7 5800u -
    amd ryzen 7 5800h firmware -
    amd ryzen 7 5800h -
    amd ryzen 7 5800hs firmware -
    amd ryzen 7 5800hs -
    amd ryzen 9 5900hs firmware -
    amd ryzen 9 5900hs -
    amd ryzen 9 5900hx firmware -
    amd ryzen 9 5900hx -
    amd ryzen 9 5980hs firmware -
    amd ryzen 9 5980hs -
    amd ryzen 9 5980hx firmware -
    amd ryzen 9 5980hx -