CVEFinder.io

CVE-2021-26367

đŸ”ļ medium
🔍 Scan for this CVE
Summary

A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.

CVSS Score
5.7
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2024-08-13
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.9% of all 330,193 vulnerabilities in our database.

#221,615
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Aug 13, 2024
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2024-12-12
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

đŸ“Ļ Affected Products 37

Vendor Product Status Affected Versions
amd radeon_software Affected
< 23.12.1
amd radeon_software Affected
≤ 23.q4
amd athlon_gold_pro_3150g_firmware Affected
< comboam4pi_1.0.0.9
amd athlon_gold_pro_3150ge_firmware Affected
< comboam4pi_1.0.0.9
amd athlon_pro_300ge_firmware Affected
< comboam4pi_1.0.0.9
amd ryzen_7_4700g_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_7_4700ge_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_5_4600g_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_5_4600ge_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_3_4300g_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_3_4300ge_firmware Affected
< comboam4v2_pi_1.2.0.5
amd athlon_gold_3150u_firmware Affected
< picassopi-fp5_1.0.0.e
amd athlon_silver_3050u_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_9_5980hx_firmware Affected
< cezannepi-fp6_1.0.0.6
amd ryzen_7_5700g_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_7_5700ge_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_5_5600g_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_5_5600ge_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_3_5300g_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_3_5300ge_firmware Affected
< comboam4v2_pi_1.2.0.5
amd ryzen_7_3750h_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_7_3700u_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_5_3550h_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_5_3500u_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_3_3300u_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_3_3350u_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_5_3580u_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_7_3780u_firmware Affected
< picassopi-fp5_1.0.0.e
amd athlon_silver_3050e_firmware Affected
< picassopi-fp5_1.0.0.e
amd athlon_pro_3045b_firmware Affected
< picassopi-fp5_1.0.0.e
amd athlon_silver_3050c_firmware Affected
< picassopi-fp5_1.0.0.e
amd athlon_pro_3145b_firmware Affected
< picassopi-fp5_1.0.0.e
amd athlon_gold_3150c_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_5_3450u_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_5_3500c_firmware Affected
< picassopi-fp5_1.0.0.e
amd ryzen_7_3700c_firmware Affected
< picassopi-fp5_1.0.0.e
amd athlon_gold_3150g_firmware Affected
< comboam4pi_1.0.0.9

🔗 References 2

https://www.amd.com/en/resources/product-security/bu...
Vendor Advisory
https://www.amd.com/en/resources/product-security/bu...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2024-36333 ⚠ī¸ high 7.8 0.0 A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potenti... 2026-05-15
CVE-2023-20548 ⚠ī¸ high 7.8 0.0 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt... 2026-02-11
CVE-2023-31324 ⚠ī¸ high 7.8 0.0 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify ... 2026-02-11
CVE-2024-21937 ⚠ī¸ high 7.3 0.1 Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege esc... 2024-11-12
CVE-2023-20510 đŸ”ļ medium 4.7 0.0 An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to ... 2024-08-13
CVE-2023-31307 ℹī¸ low 2.3 0.1 Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-o... 2024-08-13
These CVEs affect the same products