1. Home
  2. CVE Database
  3. CVE-2021-26363
MEDIUM · 4.4

CVE-2021-26363

A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.

Vulnerability Description

A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
AmdRadeon Software-
AmdRyzen 3 3100 Firmware-
AmdRyzen 3 3100-
AmdRyzen 3 3300G Firmware-
AmdRyzen 3 3300G-
AmdRyzen 3 3300X Firmware-
AmdRyzen 3 3300X-
AmdRyzen 3 5400U Firmware-
AmdRyzen 3 5400U-
AmdRyzen 9 5900Hs Firmware-
AmdRyzen 9 5900Hs-
AmdRyzen 9 5900Hx Firmware-
AmdRyzen 9 5900Hx-
AmdRyzen 9 5980Hs Firmware-
AmdRyzen 9 5980Hs-
AmdRyzen 9 5980Hx Firmware-
AmdRyzen 9 5980Hx-
AmdRyzen 3 5125C Firmware-
AmdRyzen 3 5125C-
AmdRyzen 3 5425C Firmware-

References

FAQ

What is CVE-2021-26363?

CVE-2021-26363 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.

How severe is CVE-2021-26363?

CVE-2021-26363 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26363?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Radeon Software, Amd Ryzen 3 3100 Firmware, Amd Ryzen 3 3100, Amd Ryzen 3 3300G Firmware, Amd Ryzen 3 3300G.