medium
4.4
Advisory Published
Updated

CVE-2021-26382

First published: Thu Jul 14 2022(Updated: )

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.

Credit: psirt@amd.com

Affected SoftwareAffected VersionHow to fix
AMD Ryzen 7 5700G Firmware<comboam4_v2_pi_1.2.0.6c
AMD Ryzen 7 5700G Firmware
AMD Ryzen 7 5700GE Firmware<comboam4_v2_pi_1.2.0.6c
AMD Ryzen 7 5700GE Firmware
AMD Ryzen 5 5600G Firmware<comboam4_v2_pi_1.2.0.6c
AMD Ryzen 5 5600GT Firmware
AMD Ryzen 5 5600GE Firmware<comboam4_v2_pi_1.2.0.6c
AMD Ryzen 5 5600GE Firmware
AMD Ryzen 3 5300G Firmware<comboam4_v2_pi_1.2.0.6c
AMD Ryzen 3 5300G Firmware
AMD Ryzen 3 5300GE Firmware<comboam4_v2_pi_1.2.0.6c
AMD Ryzen 3 5300GE Firmware
AMD Ryzen 9 5980HX<cezannepi-fp6_1.0.0.9
AMD Ryzen 9 5980HX Firmware
AMD Ryzen 9 5980HS Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 9 5980HS Firmware
AMD Ryzen 7 5825U Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 7 5825U Firmware
AMD Ryzen 9 5900HX Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 9 5900HX
AMD Ryzen 9 5900HS Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 9 5900HS Firmware
amd ryzen 7 5825c firmware<cezannepi-fp6_1.0.0.9
amd ryzen 7 5825c
AMD Ryzen 7 5800H Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 7 5800H Firmware
AMD Ryzen 5 5625U Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 5 5625U Firmware
AMD Ryzen 7 5800HS Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 7 5800HS Firmware
amd ryzen 5 5625c firmware<cezannepi-fp6_1.0.0.9
amd ryzen 5 5625c
AMD Ryzen 5 5600H Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 5 5600H
AMD Ryzen 5 5600HS Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 5 5600HS
AMD Ryzen 7 5800U Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 7 5800U Firmware
AMD Ryzen 5 5600U Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 5 5600U
AMD Ryzen 5 5560U Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 5 5560U Firmware
AMD Ryzen 3 5425U<cezannepi-fp6_1.0.0.9
AMD Ryzen 3 5425U
amd ryzen 3 5425c firmware<cezannepi-fp6_1.0.0.9
amd ryzen 3 5425c
AMD Ryzen 3 5400U Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 3 5400U
AMD Ryzen 3 5125C Firmware<cezannepi-fp6_1.0.0.9
AMD Ryzen 3 5125C
AMD Ryzen 3 3200U Firmware<renoirpi-fp6_1.0.0.7
AMD Ryzen 3 3200U Firmware
AMD Ryzen 3 3250U Firmware<renoirpi-fp6_1.0.0.7
AMD Ryzen 3 3250U Firmware
AMD Ryzen 3 Pro 3300U Firmware<renoirpi-fp6_1.0.0.7
AMD Ryzen 3 Pro 3300U
AMD Ryzen 5 3500U Firmware<renoirpi-fp6_1.0.0.7
AMD Ryzen 5 3500U
AMD Ryzen 5 3550H Firmware<renoirpi-fp6_1.0.0.7
AMD Ryzen 5 3550H Firmware
amd ryzen 5 3580u firmware<renoirpi-fp6_1.0.0.7
amd ryzen 5 3580u
AMD Ryzen 7 3700U Firmware<renoirpi-fp6_1.0.0.7
AMD Ryzen 7 3700U
amd ryzen 7 pro 3700u firmware<renoirpi-fp6_1.0.0.7
amd ryzen 7 pro 3700u
AMD Ryzen 7 3750H Firmware<renoirpi-fp6_1.0.0.7
AMD Ryzen 7 3750H
amd ryzen 7 3780u firmware<renoirpi-fp6_1.0.0.7
amd ryzen 7 3780u

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-26382?

    CVE-2021-26382 has a moderate severity level, allowing attackers with root privileges to load unauthorized firmware, potentially causing a denial of service.

  • How do I fix CVE-2021-26382?

    To fix CVE-2021-26382, users should update to the latest firmware version from AMD that addresses this vulnerability.

  • Who is affected by CVE-2021-26382?

    CVE-2021-26382 affects specific AMD Ryzen firmware versions, particularly those below comboam4_v2_pi_1.2.0.6c and cezannepi-fp6_1.0.0.9.

  • What are the potential impacts of CVE-2021-26382?

    The potential impacts of CVE-2021-26382 include unauthorized firmware loading and subsequent denial of service due to firmware manipulation.

  • Is there any workaround for CVE-2021-26382?

    Currently, there are no documented workarounds for CVE-2021-26382; updating firmware is the recommended solution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203