CVE-2021-26410
Awaiting Analysis
Awaiting Analysis - Queue
Information Disclosure via Improper Syscall Validation in AMD ASP
Vulnerability report for CVE-2021-26410, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-10
Last updated on: 2026-02-10
Assigner: Advanced Micro Devices Inc.
Description
Description
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | secure_processor | * |
| amd | radeon_software_pro_edition | 25.10.10 |
| amd | radeon_software_for_linux | 25.10.1 |
| amd | athlon | * |
| amd | ryzen | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-822 | The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |