Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-46758
HistoryNov 14, 2023 - 7:15 p.m.

CVE-2021-46758

2023-11-1419:15:00
NVD-CWE-noinfo
[email protected]
web.nvd.nist.gov
23
cve
security
validation
spi flash
asp
amd
secure processor
bootloader
memory
attack

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

14.8%

JSON

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

CPENameOperatorVersion
amd:ryzen_7_5700g_firmwareamd ryzen 7 5700g firmwareltcomboam4v2_pi_1.2.0.8
amd:ryzen_7_5700ge_firmwareamd ryzen 7 5700ge firmwareltcomboam4v2_pi_1.2.0.8
amd:ryzen_5_5600g_firmwareamd ryzen 5 5600g firmwareltcomboam4v2_pi_1.2.0.8
amd:ryzen_5_5600ge_firmwareamd ryzen 5 5600ge firmwareltcomboam4v2_pi_1.2.0.8
amd:ryzen_3_5300g_firmwareamd ryzen 3 5300g firmwareltcomboam4v2_pi_1.2.0.8
amd:ryzen_3_5300ge_firmwareamd ryzen 3 5300ge firmwareltcomboam4v2_pi_1.2.0.8
amd:ryzen_9_7950x3d_firmwareamd ryzen 9 7950x3d firmwareltcomboam5_1.0.0.1
amd:ryzen_9_7900x3d_firmwareamd ryzen 9 7900x3d firmwareltcomboam5_1.0.0.1
amd:ryzen_7_7800x3d_firmwareamd ryzen 7 7800x3d firmwareltcomboam5_1.0.0.1
amd:ryzen_9_4900h_firmwareamd ryzen 9 4900h firmwareltrenoirpi-fp6_1.0.0.a
Rows per page:
1-10 of 611

Related

cvelist 1
prion 1
hp 1
amd 1
cvelist
cvelist
CVE-2021-46758
2023-11-14 18:54:25
prion
prion
Input validation
2023-11-14 19:15:00
hp
hp
AMD Client UEFI Firmware November 2023 Security Update
2024-01-08 00:00:00
amd
amd
AMD Client Vulnerabilities – November 2023
2023-11-14 00:00:00

6.1 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7.2 High

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

14.8%

JSON
Related for CVE-2021-46758
cvelist1prion1hp1amd1