All the vulnerabilites related to AMD - AMD Radeon RX 6000 Series & PRO W6000 Series
cve-2021-26391
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-16 17:33
Severity ?
Summary
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
Impacted products
AMDAMD Radeon RX 5000 Series & PRO W5000 Series
AMDAMD Radeon RX 6000 Series & PRO W6000 Series
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "TBD",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26391",
    "datePublished": "2022-11-09T20:44:25.253369Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T17:33:16.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26392
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-16 20:51
Severity ?
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001
Impacted products
AMDAMD Radeon RX 5000 Series & PRO W5000 Series
AMDAMD Radeon RX 6000 Series & PRO W6000 Series
AMDAMD Ryzen™ Embedded R1000
AMDAMD Ryzen™ Embedded R2000
AMDAMD Ryzen™ Embedded 5000
AMDAMD Ryzen™ Embedded V1000
AMDAMD Ryzen™ Embedded V2000
AMDAMD Ryzen™Embedded V3000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:22:08.137Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26392",
    "datePublished": "2022-11-09T20:44:26.258839Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T20:51:46.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26393
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-16 21:58
Severity ?
Summary
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001
Impacted products
AMDAMD Radeon RX 5000 Series & PRO W5000 Series
AMDAMD Radeon RX 6000 Series & PRO W6000 Series
AMDAMD Ryzen™ Embedded R1000
AMDAMD Ryzen™ Embedded R2000
AMDAMD Ryzen™ Embedded V1000
AMDAMD Ryzen™ Embedded V2000
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:22:50.269Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26393",
    "datePublished": "2022-11-09T20:44:25.517806Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T21:58:26.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26360
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-16 22:56
Severity ?
Summary
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
Impacted products
AMDAMD Radeon RX 6000 Series & PRO W6000 Series
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor\u2019s encrypted memory contents which may lead to arbitrary code execution in ASP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "TBD",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26360",
    "datePublished": "2022-11-09T20:44:26.034287Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T22:56:17.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}