← back
CVE-2021-26410

CVE-2021-26410

CVSS 1.8 LOWEPSS 0.1%CWE-822
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
AMD · AMD Radeon™ PRO V520AMD · AMD Radeon™ PRO V620AMD · AMD Radeon™ PRO W5000 Series Graphics ProductsAMD · AMD Radeon™ PRO W6000 Series Graphics ProductsAMD · AMD Radeon™ RX 5000 Series Graphics ProductsAMD · AMD Radeon™ RX 6000 Series Graphics ProductsAMD · AMD Ryzen™ 4000 Series Desktop ProcessorsAMD · AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD · AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsAMD · AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD · AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsAMD · AMD Ryzen™ Embedded R1000 Series ProcessorsAMD · AMD Ryzen™ Embedded R2000 Series ProcessorsAMD · AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso")AMD · AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge")AMD · AMD Ryzen™ Embedded V2000 Series ProcessorsAMD · AMD Ryzen™ Embedded V3000 Series Processors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.htmlhttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html