Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26391

Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 98 products from amd, from amd, from amd and 95 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-11-09T21:15:12.150

Last Modified

2025-05-01T15:15:54.320

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amd	enterprise_driver	< 22.10.20	Yes
Application	amd	radeon_pro_software	< 22.q2	Yes
Application	amd	radeon_software	< 22.5.2	Yes
Hardware	amd	radeon_pro_w5500	-	No
Hardware	amd	radeon_pro_w5500x	-	No
Hardware	amd	radeon_pro_w5700	-	No
Hardware	amd	radeon_pro_w5700x	-	No
Hardware	amd	radeon_pro_w6300m	-	No
Hardware	amd	radeon_pro_w6400	-	No
Hardware	amd	radeon_pro_w6500m	-	No
Hardware	amd	radeon_pro_w6600	-	No
Hardware	amd	radeon_pro_w6600m	-	No
Hardware	amd	radeon_pro_w6600x	-	No
Hardware	amd	radeon_pro_w6800	-	No
Hardware	amd	radeon_pro_w6800x	-	No
Hardware	amd	radeon_pro_w6800x_duo	-	No
Hardware	amd	radeon_pro_w6900x	-	No
Hardware	amd	radeon_rx_5300	-	No
Hardware	amd	radeon_rx_5300_xt	-	No
Hardware	amd	radeon_rx_5300m	-	No
Hardware	amd	radeon_rx_5500	-	No
Hardware	amd	radeon_rx_5500_xt	-	No
Hardware	amd	radeon_rx_5500m	-	No
Hardware	amd	radeon_rx_5600	-	No
Hardware	amd	radeon_rx_5600_xt	-	No
Hardware	amd	radeon_rx_5600m	-	No
Hardware	amd	radeon_rx_5700	-	No
Hardware	amd	radeon_rx_5700_xt	-	No
Hardware	amd	radeon_rx_5700m	-	No
Hardware	amd	radeon_rx_6300m	-	No
Hardware	amd	radeon_rx_6400	-	No
Hardware	amd	radeon_rx_6500_xt	-	No
Hardware	amd	radeon_rx_6500m	-	No
Hardware	amd	radeon_rx_6600	-	No
Hardware	amd	radeon_rx_6600_xt	-	No
Hardware	amd	radeon_rx_6600m	-	No
Hardware	amd	radeon_rx_6600s	-	No
Hardware	amd	radeon_rx_6650_xt	-	No
Hardware	amd	radeon_rx_6650m	-	No
Hardware	amd	radeon_rx_6650m_xt	-	No
Hardware	amd	radeon_rx_6700	-	No
Hardware	amd	radeon_rx_6700_xt	-	No
Hardware	amd	radeon_rx_6700m	-	No
Hardware	amd	radeon_rx_6700s	-	No
Hardware	amd	radeon_rx_6750_xt	-	No
Hardware	amd	radeon_rx_6800	-	No
Hardware	amd	radeon_rx_6800_xt	-	No
Hardware	amd	radeon_rx_6800m	-	No
Hardware	amd	radeon_rx_6800s	-	No
Hardware	amd	radeon_rx_6850m_xt	-	No
Hardware	amd	radeon_rx_6900_xt	-	No
Hardware	amd	radeon_rx_6950_xt	-	No
Operating System	amd	radeon_rx_vega_56_firmware	-	Yes
Hardware	amd	radeon_rx_vega_56	-	No
Operating System	amd	radeon_rx_vega_64_firmware	-	Yes
Hardware	amd	radeon_rx_vega_64	-	No
Operating System	amd	ryzen_3_5300ge_firmware	-	Yes
Hardware	amd	ryzen_3_5300ge	-	No
Operating System	amd	ryzen_3_5300g_firmware	-	Yes
Hardware	amd	ryzen_3_5300g	-	No
Operating System	amd	ryzen_5_5600ge_firmware	-	Yes
Hardware	amd	ryzen_5_5600ge	-	No
Operating System	amd	ryzen_5_5600g_firmware	-	Yes
Hardware	amd	ryzen_5_5600g	-	No
Operating System	amd	ryzen_7_5700ge_firmware	-	Yes
Hardware	amd	ryzen_7_5700ge	-	No
Operating System	amd	ryzen_7_5700g_firmware	-	Yes
Hardware	amd	ryzen_7_5700g	-	No
Operating System	amd	ryzen_3_5300u_firmware	-	Yes
Hardware	amd	ryzen_3_5300u	-	No
Operating System	amd	ryzen_5_5500u_firmware	-	Yes
Hardware	amd	ryzen_5_5500u	-	No
Operating System	amd	ryzen_7_5700u_firmware	-	Yes
Hardware	amd	ryzen_7_5700u	-	No
Operating System	amd	ryzen_3_5400u_firmware	-	Yes
Hardware	amd	ryzen_3_5400u	-	No
Operating System	amd	ryzen_5_5560u_firmware	-	Yes
Hardware	amd	ryzen_5_5560u	-	No
Operating System	amd	ryzen_5_5600u_firmware	-	Yes
Hardware	amd	ryzen_5_5600u	-	No
Operating System	amd	ryzen_5_5600h_firmware	-	Yes
Hardware	amd	ryzen_5_5600h	-	No
Operating System	amd	ryzen_5_5600hs_firmware	-	Yes
Hardware	amd	ryzen_5_5600hs	-	No
Operating System	amd	ryzen_7_5800u_firmware	-	Yes
Hardware	amd	ryzen_7_5800u	-	No
Operating System	amd	ryzen_7_5800h_firmware	-	Yes
Hardware	amd	ryzen_7_5800h	-	No
Operating System	amd	ryzen_7_5800hs_firmware	-	Yes
Hardware	amd	ryzen_7_5800hs	-	No
Operating System	amd	ryzen_9_5900hs_firmware	-	Yes
Hardware	amd	ryzen_9_5900hs	-	No
Operating System	amd	ryzen_9_5900hx_firmware	-	Yes
Hardware	amd	ryzen_9_5900hx	-	No
Operating System	amd	ryzen_9_5980hs_firmware	-	Yes
Hardware	amd	ryzen_9_5980hs	-	No
Operating System	amd	ryzen_9_5980hx_firmware	-	Yes
Hardware	amd	ryzen_9_5980hx	-	No

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029 Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For amd's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.