CVE-2021-26393

MEDIUM

AMD Ryzen 3 5300GE Firmware - Use-After-Free in ASP TEE

Title source: llm

Description

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

References (2)

Core 2

Core References

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-401

Status published

Products (50)

amd/amd_3015ce_firmware

amd/amd_3015e_firmware

amd/amd_3020e_firmware

amd/athlon_gold_3150c_firmware

amd/athlon_gold_3150u_firmware

amd/athlon_pro_3045b_firmware

amd/athlon_pro_3145b_firmware

amd/athlon_silver_3050c_firmware

amd/athlon_silver_3050e_firmware

amd/athlon_silver_3050u_firmware

... and 40 more

Published Nov 09, 2022

Tracked Since Feb 18, 2026