cve-2021-26367
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-08-13 18:04
Severity ?
EPSS score ?
Summary
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-26367", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-13T18:04:31.680686Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T18:04:43.359Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI 1.0.0.9" }, { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PollockPI-FT5 1.0.0.4" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.6" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.6" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability." } ], "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:50:05.825Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26367", "datePublished": "2024-08-13T16:50:05.825Z", "dateReserved": "2021-01-29T21:24:26.151Z", "dateUpdated": "2024-08-13T18:04:43.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-26367\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2024-08-13T17:15:17.360\",\"lastModified\":\"2024-08-14T02:07:05.410\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.\"},{\"lang\":\"es\",\"value\":\"Un atacante malicioso en x86 puede configurar mal las regiones de memoria confiable (TMR), lo que puede permitirle establecer un rango de direcciones arbitrario para la TMR, lo que podr\u00eda provocar una p\u00e9rdida de integridad y disponibilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.5,\"impactScore\":5.2}]},\"references\":[{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html\",\"source\":\"psirt@amd.com\"}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.