CVE-2021-26383 - Vulnerability Details

Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Amd	Instinct Mi210 Instinct Mi250 Radeon Pro V520 Radeon Pro V620 Radeon Pro W5000 Radeon Pro W6000 Radeon Rx 5000 Radeon Rx 6000 Ryzen 4000

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html

History

Mon, 08 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd instinct Mi210 Amd instinct Mi250 Amd radeon Pro V520 Amd radeon Pro V620 Amd radeon Pro W5000 Amd radeon Pro W6000 Amd radeon Rx 5000 Amd radeon Rx 6000 Amd ryzen 4000
Vendors & Products		Amd Amd instinct Mi210 Amd instinct Mi250 Amd radeon Pro V520 Amd radeon Pro V620 Amd radeon Pro W5000 Amd radeon Pro W6000 Amd radeon Rx 5000 Amd radeon Rx 6000 Amd ryzen 4000

Mon, 08 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 05 Sep 2025 23:30:00 +0000

Type	Values Removed	Values Added
Description		Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability.
Weaknesses		CWE-787
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html
Metrics		cvssV3_1 `{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2025-09-05T23:21:25.947Z

Updated: 2025-09-08T13:49:58.856Z

Reserved: 2021-01-29T21:24:26.160Z

Link: CVE-2021-26383

Vulnrichment

Updated: 2025-09-08T13:49:52.365Z

NVD

Status : Awaiting Analysis

Published: 2025-09-06T00:15:33.930

Modified: 2025-09-08T16:25:38.810

Link: CVE-2021-26383

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object