CVE-2021-26383

Description

Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability.

CVSS breakdown

Affected products

• AMD / AMD Instinct™ MI210ROCm 6.4 – ROCm 6.4
• AMD / AMD Instinct™ MI250ROCm 6.4 – ROCm 6.4
• AMD / AMD Radeon™ PRO V520 Graphics ProductsContact your AMD Customer Engineering representative – Contact your AMD Customer Engineering representative
• AMD / AMD Radeon™ PRO V620 Graphics ProductsContact your AMD Customer Engineering representative – Contact your AMD Customer Engineering representative
• AMD / AMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: PRO Edition 23.Q1 (22.40.37.05) – AMD Software: PRO Edition 23.Q1 (22.40.37.05)
• AMD / AMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 23.Q1 (22.40.37.05) – AMD Software: PRO Edition 23.Q1 (22.40.37.05)
• AMD / AMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 23.2.1 (22.40.01.45) – AMD Software: Adrenalin Edition 23.2.1 (22.40.01.45)
• AMD / AMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 23.2.1 (22.40.01.45) – AMD Software: Adrenalin Edition 23.2.1 (22.40.01.45)
• AMD / AMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 PI 1.2.0.5 – ComboAM4v2 PI 1.2.0.5
• AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.7 – RenoirPI-FP6 1.0.0.7
• AMD / AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 PI 1.2.0.5 – ComboAM4v2 PI 1.2.0.5
• AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.6 – CezannePI-FP6 1.0.0.6
• AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.6 – CezannePI-FP6 1.0.0.6
• AMD / AMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.6 – EmbeddedPI-FP6_1.0.0.6

References

• MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html
• MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html
• MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html