Lucene search

[email protected]CVE-2021-46754

HistoryMay 09, 2023 - 8:15 p.m.

CVE-2021-46754

2023-05-0920:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-46754

asp bootloader

input validation

confidentiality

integrity

amd secure processor

smu

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.8%

JSON

Insufficient input validation in the ASP (AMD
Secure Processor) bootloader may allow an attacker with a compromised Uapp or
ABL to coerce the bootloader into exposing sensitive information to the SMU
(System Management Unit) resulting in a potential loss of confidentiality and
integrity.

CPENameOperatorVersion
amd:ryzen_5300g_firmwareamd ryzen 5300g firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5300ge_firmwareamd ryzen 5300ge firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5500_firmwareamd ryzen 5500 firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600_firmwareamd ryzen 5600 firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600g_firmwareamd ryzen 5600g firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600ge_firmwareamd ryzen 5600ge firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600x_firmwareamd ryzen 5600x firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5700g_firmwareamd ryzen 5700g firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5700ge_firmwareamd ryzen 5700ge firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5700x_firmwareamd ryzen 5700x firmwareeqcezannepi-fp6_1.0.0.6

CPE	Name	Operator	Version
amd:ryzen_5300g_firmware	amd ryzen 5300g firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5300ge_firmware	amd ryzen 5300ge firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5500_firmware	amd ryzen 5500 firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600_firmware	amd ryzen 5600 firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600g_firmware	amd ryzen 5600g firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600ge_firmware	amd ryzen 5600ge firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600x_firmware	amd ryzen 5600x firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5700g_firmware	amd ryzen 5700g firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5700ge_firmware	amd ryzen 5700ge firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5700x_firmware	amd ryzen 5700x firmware	eq	cezannepi-fp6_1.0.0.6

Rows per page:

1-10 of 1681

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

50.8%

JSON

Related for CVE-2021-46754

cvelist1 prion1 amd2 hp1