Multiple AMD Graphics products code execution | CVE-2021-26360
NAME
Multiple AMD Graphics products code execution
- Platforms Affected:
AMD Radeon RX 5000 Series
AMD Radeon PRO W5000 Series
AMD Radeon RX 6000 Series
AMD Radeon PRO W6000 Series - Risk Level:
8.4 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Multiple AMD Graphics products could allow a local attacker to execute arbitrary code on the system, caused by improper authorization validation by the security configuration of the SOC registers. By sending a specially-crafted request to corrupt encrypted memory contents, an attacker could exploit this vulnerability to execute arbitrary code in ASP.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to AMD-SB-1029 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029 - Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26360
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.