Advisory Published


First published: Wed Nov 09 2022(Updated: )

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

Credit: psirt@amd.com

Affected SoftwareAffected VersionHow to fix
Amd Enterprise Driver<22.10.20
Amd Radeon Pro Software<22.q2
AMD Radeon Software<22.5.2
Amd Radeon Pro W6400
Amd Radeon Pro W6500m
Amd Radeon Pro W6600
Amd Radeon Pro W6600m
Amd Radeon Pro W6600x
Amd Radeon Pro W6800
Amd Radeon Pro W6800x
Amd Radeon Pro W6800x Duo
Amd Radeon Pro W6900x
Amd Radeon Rx 6300m
Amd Radeon Rx 6400
Amd Radeon Rx 6500 Xt
Amd Radeon Rx 6500m
Amd Radeon Rx 6600
Amd Radeon Rx 6600 Xt
Amd Radeon Rx 6600m
Amd Radeon Rx 6600s
Amd Radeon Rx 6650 Xt
Amd Radeon Rx 6650m
Amd Radeon Rx 6650m Xt
Amd Radeon Rx 6700
Amd Radeon Rx 6700 Xt
Amd Radeon Rx 6700m
Amd Radeon Rx 6700s
Amd Radeon Rx 6750 Xt
Amd Radeon Rx 6800
Amd Radeon Rx 6800 Xt
Amd Radeon Rx 6800m
Amd Radeon Rx 6800s
Amd Radeon Rx 6850m Xt
Amd Radeon Rx 6900 Xt
Amd Radeon Rx 6950 Xt

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2021-26360?

    CVE-2021-26360 is a vulnerability that allows an attacker with local access to the system to make unauthorized modifications of the security configuration of the SOC registers, potentially leading to arbitrary code execution in AMD secure processors.

  • Which software versions are affected by CVE-2021-26360?

    CVE-2021-26360 affects AMD Enterprise Driver versions up to and excluding 22.10.20, AMD Radeon Pro Software versions up to and excluding 22.q2, and AMD Radeon Software versions up to and excluding 22.5.2.

  • What is the severity of CVE-2021-26360?

    CVE-2021-26360 has a severity rating of 7.8, which is considered high.

  • How can I fix CVE-2021-26360?

    To fix CVE-2021-26360, it is recommended to update to the latest versions of AMD Enterprise Driver, AMD Radeon Pro Software, or AMD Radeon Software, depending on the affected software.

  • Where can I find more information about CVE-2021-26360?

    You can find more information about CVE-2021-26360 on the official AMD Product Security Bulletin: [https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029)


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203