Vulnerability in Amd Radeon Rx 5000 Series & Pro W5000

CVE-2021-26392

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

EPSS: 0.001 (34.1th percentile) — read the EPSS interpretation.

Affected products

Amd Radeon Rx 5000 Series & Pro W5000 — versions AMD Radeon Software, AMD Radeon Pro Software Enterprise, Enterprise Driver
Amd Radeon Rx 6000 Series & Pro W6000 — versions AMD Radeon Software, AMD Radeon Pro Software Enterprise, Enterprise Driver
Amd Ryzen™ Embedded 5000 — versions various
Amd Ryzen™ Embedded R1000 — versions various
Amd Ryzen™ Embedded R2000 — versions various
Amd Ryzen™ Embedded V1000 — versions various
Amd Ryzen™ Embedded V2000 — versions various
Amd Ryzen™embedded V3000 — versions various

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029
www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001