CVE-2021-26369

Q: What is the severity of CVE-2021-26369?

CVE-2021-26369 has a CVSS score of 7.8 (HIGH). CVE-2021-26369 is an AMD Secure Processor bootloader vulnerability where malicious or compromised UApp/ABL can send malformed system calls, causing out-of-bounds memory accesses. This affects AMD processors with vulnerable bootloader implementations, potentially allowing attackers to compromise system integrity.

7.8 HIGH

📋 TL;DR

CVE-2021-26369 is an AMD Secure Processor bootloader vulnerability where malicious or compromised UApp/ABL can send malformed system calls, causing out-of-bounds memory accesses. This affects AMD processors with vulnerable bootloader implementations, potentially allowing attackers to compromise system integrity.

💻 Affected Systems

Products:

AMD processors with vulnerable bootloader implementations

Versions: Specific versions not publicly detailed in advisory

Operating Systems: All operating systems running on affected AMD hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in AMD Secure Processor bootloader, affecting systems regardless of OS configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via arbitrary code execution in bootloader context, potentially bypassing security controls and establishing persistence.

🟠

Likely Case

Local privilege escalation or denial of service through memory corruption in the bootloader environment.

🟢

If Mitigated

Limited impact if systems are patched and have proper access controls preventing unauthorized UApp/ABL execution.

🌐 Internet-Facing: LOW - Requires local access or ability to execute malicious UApp/ABL, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Malicious insiders or compromised internal systems could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires ability to execute malicious UApp or ABL, which typically requires some level of system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to AMD advisory for specific BIOS/UEFI firmware updates

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Restart Required: Yes

Instructions:

1. Check AMD advisory for affected processor models. 2. Obtain updated BIOS/UEFI firmware from system manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot system to activate new firmware.

🔧 Temporary Workarounds

Restrict UApp/ABL execution

all

Implement controls to prevent unauthorized UApp or ABL execution through system policies

System-specific configuration commands vary by platform

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized users from executing UApp/ABL
Monitor for suspicious bootloader-related activities and system integrity violations

🔍 How to Verify

Check if Vulnerable:

Check system BIOS/UEFI firmware version against manufacturer's patched versions for your AMD processor model

Check Version:

System-specific: On Windows: wmic bios get smbiosbiosversion; On Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS/UEFI firmware version matches or exceeds patched version specified by manufacturer

📡 Detection & Monitoring

Log Indicators:

Unexpected bootloader activity
System integrity violations
Failed firmware update attempts

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

Search for bootloader-related errors, firmware modification events, or system integrity alerts

📊 Metadata

CVE ID: CVE-2021-26369

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: May 12, 2022

Last Updated: November 21, 2024

🔗 References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Athlon 3050ge Firmware by Amd

Athlon 3150g Firmware by Amd

Athlon 3150ge Firmware by Amd

Radeon Software by Amd

Ryzen 3 2200u Firmware by Amd

Ryzen 3 2300u Firmware by Amd

Ryzen 3 3100 Firmware by Amd

Ryzen 3 3300g Firmware by Amd

Ryzen 3 3300x Firmware by Amd

Ryzen 3 5125c Firmware by Amd

Ryzen 3 5400u Firmware by Amd

Ryzen 3 5425c Firmware by Amd

Ryzen 3 5425u Firmware by Amd

Ryzen 5 2500u Firmware by Amd

Ryzen 5 2600 Firmware by Amd

Ryzen 5 2600h Firmware by Amd

Ryzen 5 2600x Firmware by Amd

Ryzen 5 3400g Firmware by Amd

Ryzen 5 3450g Firmware by Amd

Ryzen 5 3600 Firmware by Amd

Ryzen 5 3600x Firmware by Amd

Ryzen 5 5600h Firmware by Amd

Ryzen 5 5600hs Firmware by Amd

Ryzen 5 5600u Firmware by Amd

Ryzen 5 5600x Firmware by Amd

Ryzen 5 5625c Firmware by Amd

Ryzen 5 5625u Firmware by Amd

Ryzen 5 5700g Firmware by Amd

Ryzen 5 5700ge Firmware by Amd

Ryzen 7 2700 Firmware by Amd

Ryzen 7 2700u Firmware by Amd

Ryzen 7 2700x Firmware by Amd

Ryzen 7 2800h Firmware by Amd

Ryzen 7 3700x Firmware by Amd

Ryzen 7 3800x Firmware by Amd

Ryzen 7 5800h Firmware by Amd

Ryzen 7 5800hs Firmware by Amd

Ryzen 7 5800u Firmware by Amd

Ryzen 7 5825c Firmware by Amd

Ryzen 7 5825u Firmware by Amd

Ryzen 9 3900x Firmware by Amd

Ryzen 9 3950x Firmware by Amd

Ryzen 9 5900hs Firmware by Amd

Ryzen 9 5900hx Firmware by Amd

Ryzen 9 5980hs Firmware by Amd

Ryzen 9 5980hx Firmware by Amd

Ryzen Threadripper 2920x Firmware by Amd

Ryzen Threadripper 2950x Firmware by Amd

Ryzen Threadripper 2970wx Firmware by Amd

Ryzen Threadripper 2990wx Firmware by Amd