Lucene search

[email protected]CVE-2021-46769

HistoryMay 09, 2023 - 7:15 p.m.

CVE-2021-46769

2023-05-0919:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-46769

insufficient input validation

asp bootloader

dma copies

code execution

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.4%

JSON

Insufficient syscall input validation in the ASP
Bootloader may allow a privileged attacker to execute arbitrary DMA copies,
which can lead to code execution.

CPENameOperatorVersion
amd:epyc_72f3_firmwareamd epyc 72f3 firmwareeqmilanpi_1.0.0.9
amd:epyc_7313_firmwareamd epyc 7313 firmwareeqmilanpi_1.0.0.9
amd:epyc_7313p_firmwareamd epyc 7313p firmwareeqmilanpi_1.0.0.9
amd:epyc_7343_firmwareamd epyc 7343 firmwareeqmilanpi_1.0.0.9
amd:epyc_7373x_firmwareamd epyc 7373x firmwareeqmilanpi_1.0.0.9
amd:epyc_73f3_firmwareamd epyc 73f3 firmwareeqmilanpi_1.0.0.9
amd:epyc_7413_firmwareamd epyc 7413 firmwareeqmilanpi_1.0.0.9
amd:epyc_7443_firmwareamd epyc 7443 firmwareeqmilanpi_1.0.0.9
amd:epyc_7443p_firmwareamd epyc 7443p firmwareeqmilanpi_1.0.0.9
amd:epyc_7453_firmwareamd epyc 7453 firmwareeqmilanpi_1.0.0.9

CPE	Name	Operator	Version
amd:epyc_72f3_firmware	amd epyc 72f3 firmware	eq	milanpi_1.0.0.9
amd:epyc_7313_firmware	amd epyc 7313 firmware	eq	milanpi_1.0.0.9
amd:epyc_7313p_firmware	amd epyc 7313p firmware	eq	milanpi_1.0.0.9
amd:epyc_7343_firmware	amd epyc 7343 firmware	eq	milanpi_1.0.0.9
amd:epyc_7373x_firmware	amd epyc 7373x firmware	eq	milanpi_1.0.0.9
amd:epyc_73f3_firmware	amd epyc 73f3 firmware	eq	milanpi_1.0.0.9
amd:epyc_7413_firmware	amd epyc 7413 firmware	eq	milanpi_1.0.0.9
amd:epyc_7443_firmware	amd epyc 7443 firmware	eq	milanpi_1.0.0.9
amd:epyc_7443p_firmware	amd epyc 7443p firmware	eq	milanpi_1.0.0.9
amd:epyc_7453_firmware	amd epyc 7453 firmware	eq	milanpi_1.0.0.9

Rows per page:

1-10 of 481

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for CVE-2021-46769

prion1 cvelist1 amd1