CVE-2021-26382

MEDIUM

AMD Ryzen Firmware - Authenticated Denial of Service via Audio Co-Processor Firmware Loading

Title source: llm

Description

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Scores

CVSS v3 4.4

EPSS 0.0005

EPSS Percentile 15.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (35)

amd/ryzen_3_3200u_firmware < renoirpi-fp6_1.0.0.7

amd/ryzen_3_3250u_firmware < renoirpi-fp6_1.0.0.7

amd/ryzen_3_3300u_firmware < renoirpi-fp6_1.0.0.7

amd/ryzen_3_5125c_firmware < cezannepi-fp6_1.0.0.9

amd/ryzen_3_5300g_firmware < comboam4_v2_pi_1.2.0.6c

amd/ryzen_3_5300ge_firmware < comboam4_v2_pi_1.2.0.6c

amd/ryzen_3_5400u_firmware < cezannepi-fp6_1.0.0.9

amd/ryzen_3_5425c_firmware < cezannepi-fp6_1.0.0.9

amd/ryzen_3_5425u_firmware < cezannepi-fp6_1.0.0.9

amd/ryzen_5_3500u_firmware < renoirpi-fp6_1.0.0.7

... and 25 more

Published Jul 14, 2022

Tracked Since Feb 18, 2026