Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.
AnalysisAI
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. Rated low severity (CVSS 1.8). No vendor patch available.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. Affected products include: Amd Amd Ryzen™ 5000 Series Desktop Processors With Radeon™ Graphics, Amd Amd Ryzen™ Threadripper™ Pro 5000 Wx-Series Processors, Amd Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics, Amd Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics, Amd Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker
DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrat
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2021-13186
GHSA-fq4j-p777-724r