What is CVE-2021-26368?

CVE-2021-26368 is a medium-severity vulnerability in Amd Athlon™ Series, classified under Insufficient Verification of Data Authenticity. CVSS score: 4.4/10. Published 2022-05-12.

How severe is CVE-2021-26368?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Vulnerability in Amd Athlon™ Series

CVE-2021-26368

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.

EPSS: 0.001 (3.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.

Affected products

Amd Athlon™ Series — versions various
Amd Ryzen_3_2200u
Amd Ryzen_3_2200u_firmware
Amd Ryzen_3_2300u
Amd Ryzen_3_2300u_firmware
Amd Ryzen_3_3100
Amd Ryzen_3_3100_firmware
Amd Ryzen_3_3300g
Amd Ryzen_3_3300g_firmware
Amd Ryzen_3_3300x

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

psirt@amd.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-26368?: CVE-2021-26368 is a medium-severity vulnerability in Amd Athlon™ Series, classified under Insufficient Verification of Data Authenticity. CVSS score: 4.4/10. Published 2022-05-12.
How severe is CVE-2021-26368?: Medium severity. CVSS v3 base score is 4.4 out of 10.