Vulnerability Description
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Enterprise Driver | < 22.10.20 |
| Amd | Radeon Pro Software | < 22.q2 |
| Amd | Radeon Software | < 22.5.2 |
| Amd | Radeon Pro W6300M | - |
| Amd | Radeon Pro W6400 | - |
| Amd | Radeon Pro W6500M | - |
| Amd | Radeon Pro W6600 | - |
| Amd | Radeon Pro W6600M | - |
| Amd | Radeon Pro W6600X | - |
| Amd | Radeon Pro W6800 | - |
| Amd | Radeon Pro W6800X | - |
| Amd | Radeon Pro W6800X Duo | - |
| Amd | Radeon Pro W6900X | - |
| Amd | Radeon Rx 6300M | - |
| Amd | Radeon Rx 6400 | - |
| Amd | Radeon Rx 6500 Xt | - |
| Amd | Radeon Rx 6500M | - |
| Amd | Radeon Rx 6600 | - |
| Amd | Radeon Rx 6600 Xt | - |
| Amd | Radeon Rx 6600M | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029Vendor Advisory
FAQ
What is CVE-2021-26360?
CVE-2021-26360 is a vulnerability with a CVSS score of 7.8 (HIGH). An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encr...
How severe is CVE-2021-26360?
CVE-2021-26360 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26360?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Enterprise Driver, Amd Radeon Pro Software, Amd Radeon Software, Amd Radeon Pro W6300M, Amd Radeon Pro W6400.