CVE-2021-26393

MEDIUM

AMD Enterprise Driver < 22.10.20 - Memory Leak

Title source: rule

Description

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

References (2)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

Scores

CVSS v3 5.5

EPSS 0.0019

EPSS Percentile 40.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-401

Status published

Affected Products (50)

amd/ryzen_3_5300ge_firmware

amd/enterprise_driver < 22.10.20

amd/radeon_pro_software < 22.q2

amd/radeon_software < 22.5.2

amd/radeon_rx_vega_56_firmware

amd/radeon_rx_vega_64_firmware

amd/ryzen_3_2200ge_firmware

amd/ryzen_3_2200g_firmware

amd/ryzen_5_2400ge_firmware

amd/ryzen_5_2400g_firmware

amd/ryzen_3_5300g_firmware

amd/ryzen_5_5600ge_firmware

amd/ryzen_5_5600g_firmware

amd/ryzen_7_5700ge_firmware

amd/ryzen_7_5700g_firmware

... and 35 more

Timeline

Published Nov 09, 2022

Tracked Since Feb 18, 2026