What is CVE-2021-26363?

CVE-2021-26363 is a medium-severity vulnerability in Amd Athlon™ Series. CVSS score: 4.4/10. Published 2022-05-12.

How severe is CVE-2021-26363?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Vulnerability in Amd Athlon™ Series

CVE-2021-26363

A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.

EPSS: 0.002 (11.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Amd Athlon™ Series — versions various
Amd Radeon_software
Amd Ryzen_3_3100
Amd Ryzen_3_3100_firmware
Amd Ryzen_3_3300g
Amd Ryzen_3_3300g_firmware
Amd Ryzen_3_3300x
Amd Ryzen_3_3300x_firmware
Amd Ryzen_3_5125c
Amd Ryzen_3_5125c_firmware

References

psirt@amd.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-26363?: CVE-2021-26363 is a medium-severity vulnerability in Amd Athlon™ Series. CVSS score: 4.4/10. Published 2022-05-12.
How severe is CVE-2021-26363?: Medium severity. CVSS v3 base score is 4.4 out of 10.