FKIE_CVE-2021-26360

Vulnerability from fkie_nvd - Published: 2022-11-09 21:15 - Updated: 2025-05-01 15:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
References
psirt@amd.comhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029Vendor Advisory
Impacted products
Vendor Product Version
amd enterprise_driver *
amd radeon_pro_software *
amd radeon_software *
amd radeon_pro_w6300m -
amd radeon_pro_w6400 -
amd radeon_pro_w6500m -
amd radeon_pro_w6600 -
amd radeon_pro_w6600m -
amd radeon_pro_w6600x -
amd radeon_pro_w6800 -
amd radeon_pro_w6800x -
amd radeon_pro_w6800x_duo -
amd radeon_pro_w6900x -
amd radeon_rx_6300m -
amd radeon_rx_6400 -
amd radeon_rx_6500_xt -
amd radeon_rx_6500m -
amd radeon_rx_6600 -
amd radeon_rx_6600_xt -
amd radeon_rx_6600m -
amd radeon_rx_6600s -
amd radeon_rx_6650_xt -
amd radeon_rx_6650m -
amd radeon_rx_6650m_xt -
amd radeon_rx_6700 -
amd radeon_rx_6700_xt -
amd radeon_rx_6700m -
amd radeon_rx_6700s -
amd radeon_rx_6750_xt -
amd radeon_rx_6800 -
amd radeon_rx_6800_xt -
amd radeon_rx_6800m -
amd radeon_rx_6800s -
amd radeon_rx_6850m_xt -
amd radeon_rx_6900_xt -
amd radeon_rx_6950_xt -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amd:enterprise_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F418EA2F-C021-44A7-9A8F-F6512A857BF9",
              "versionEndExcluding": "22.10.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "5C79E0A6-9108-449C-AD2B-6FDF1FB7D643",
              "versionEndExcluding": "22.q2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AEE9E9-3A38-4483-AD76-2CEA7096BF0A",
              "versionEndExcluding": "22.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCC24F7-17CD-422A-B047-3E8B32D7B3F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB91262-2EF4-4F0D-8B61-0012BD25E7A8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EACFFECA-179B-4911-85DE-D7270610E4A9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3083C065-5A2C-4B2D-9C1F-5793BA3C0A52",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47A9B2F1-D9C5-47F8-9B2D-7C2A1495972A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19588B3D-3F44-4127-8989-B535D4391201",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7557738A-5D93-4117-8FF2-9A27CD0E6BC5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BC3034-8C33-4AAF-BE81-9BCFBF0EE56A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "697BB742-0A55-4165-B5BD-5BDCD67B62CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14599A66-17C9-4072-AA0D-EAE86DB496DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C66880A-FB33-477D-93FD-C280A4547D66",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD3F898-5AB1-4E60-A086-ADCF33820154",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1F7CD2-7D13-48A9-A7CC-3547A1D241DB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FED1D5-F31A-44C9-9101-D70486CC6FC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C24DE61-4036-42BF-A08F-67C234706703",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D9040F-1D1D-49E5-A60E-4393F5D76B60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76A792F-7026-4F29-9A00-3A2EAB2DE5FC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DAF63F-C468-438C-97C3-B6CE8BD12858",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82D4745-ACAB-4FC2-A63D-3B0FEA208BED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD80D674-1DD4-44E0-8C38-8341A7F392B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10DD7029-9299-4901-A3D1-84D6102471B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F73C59A-CDE2-4203-921F-1831D4ACFD2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C980129B-D717-47F7-A6C1-5EB64FB1BF9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76C585C-FCC8-456D-A63C-7A769AF5EB07",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0C52E8-26B1-4F77-B9D3-D08BFF72DAFB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9466279D-0582-464E-AFCC-20872CC99B56",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12EF0B24-689D-4BE8-98D5-D88A84D5E473",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58299A7-7CA4-4EF8-81DC-9A41AA84FB2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB218988-1483-4D96-9075-F79EDBC79974",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14D5A16-F7BE-427A-98AB-2E120DB756DC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E128B2-A9B7-4A1C-9ACF-7EB323B72B6F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC4A007-BEFD-4BF0-A176-7ECD6150041C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B658454-C160-4EBA-9F7A-E2B9FDEA8A1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor\u2019s encrypted memory contents which may lead to arbitrary code execution in ASP."
    },
    {
      "lang": "es",
      "value": "Un atacante con acceso local al sistema puede realizar modificaciones no autorizadas en la configuraci\u00f3n de seguridad de los registros SOC. Esto podr\u00eda permitir una posible corrupci\u00f3n del contenido de la memoria cifrada del procesador seguro AMD, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en ASP."
    }
  ],
  "id": "CVE-2021-26360",
  "lastModified": "2025-05-01T15:15:54.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-09T21:15:11.690",
  "references": [
    {
      "source": "psirt@amd.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
    }
  ],
  "sourceIdentifier": "psirt@amd.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.