CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Published: Nov 9, 2022
Updated: May 4, 2025
CVE: CVE-2021-26393
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-401

Affected Software
References

Software	From	Fixed in
amd / enterprise_driver	-	22.10.20
amd / radeon_pro_software	-	22.q2
amd / radeon_software	-	22.5.2

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001

Vulnerability Database

289,599

CVE-2021-26393