CVE-2021-26360

HIGH

AMD Enterprise Driver < 22.10.20 - Unauthorized SOC Register Modification Leading to Arbitrary Code Execution

Title source: llm

Description

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

References (1)

Core 1

Core References

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 14.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (3)

amd/enterprise_driver < 22.10.20

amd/radeon_pro_software < 22.q2

amd/radeon_software < 22.5.2

Published Nov 09, 2022

Tracked Since Feb 18, 2026