Description
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.
Published: 2026-05-15
Score: 1.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when a compromised Trusted OS driver issues a malformed instruction allowing it to read or write memory beyond its allocated bounds. This can corrupt data, leading to integrity violations of system memory and critical structures. The weakness is a classic out‑of‑bounds access flaw (CWE‑190).

Affected Systems

AMD processors and graphics products in the 3000 to 7030 series, including Ryzen, Athlon and Radeon series listed in the CVE data. Versions affected are unspecified; any hardware with the documented Trusted OS driver is vulnerable until updated by a vendor release.

Risk and Exploitability

The CVSS score of 1.8 indicates a low overall severity. No EPSS data is available, and the vulnerability is not in the CISA KEV catalog, suggesting limited exploitation likelihood. The attack vector remains unclear; it is inferred that a local adversary with the ability to execute code within the Trusted OS space would need to construct the malformed call to exploit it.

Generated by OpenCVE AI on May 15, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD firmware or driver update that corrects the Trusted OS memory access flaw.
  • Reboot the platform to ensure the updated driver is active.
  • Verify Trusted OS driver integrity by checking cryptographic signatures or using AMD Security tools, and remove any untrusted or custom drivers.

Generated by OpenCVE AI on May 15, 2026 at 04:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Trusted OS Driver Vulnerability Allowing Out‑of‑Bounds Memory Access

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.
Weaknesses CWE-190
References
Metrics cvssV4_0

{'score': 1.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:21:36.142Z

Reserved: 2021-01-29T21:24:26.159Z

Link: CVE-2021-26380

cve-icon Vulnrichment

Updated: 2026-05-15T13:21:32.239Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:20.030

Modified: 2026-05-15T14:10:17.083

Link: CVE-2021-26380

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z

Weaknesses