Lucene search

[email protected]CVE-2021-46771

HistoryMay 10, 2022 - 7:15 p.m.

CVE-2021-46771

2022-05-1019:15:09

CWE-20

[email protected]

web.nvd.nist.gov

cve-2021-46771

amd

secure processor

asp

firmware

system call

arbitrary code execution

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.8%

JSON

Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.

Affected configurations

NVD

Node

amdepyc_7763_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7763Match-

Node

amdepyc_7713p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7713pMatch-

Node

amdepyc_7713_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7713Match-

Node

amdepyc_7663_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7663Match-

Node

amdepyc_7643_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7643Match-

Node

amdepyc_75f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_75f3Match-

Node

amdepyc_7543p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7543pMatch-

Node

amdepyc_7543_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7543Match-

Node

amdepyc_7513_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7513Match-

Node

amdepyc_7453_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7453Match-

Node

amdepyc_74f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_74f3Match-

Node

amdepyc_7443p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7443pMatch-

Node

amdepyc_7443_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7443Match-

Node

amdepyc_7413_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7413Match-

Node

amdepyc_73f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_73f3Match-

Node

amdepyc_7343_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7343Match-

Node

amdepyc_7313p_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7313pMatch-

Node

amdepyc_7313_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7313Match-

Node

amdepyc_72f3_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_72f3Match-

Node

amdepyc_7773x_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7773xMatch-

Node

amdepyc_7473x_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7473xMatch-

Node

amdepyc_7573x_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7573xMatch-

Node

amdepyc_7373x_firmwareRange<milanpi-sp3_1.0.0.4

AND

amdepyc_7373xMatch-

CPENameOperatorVersion
amd:epyc_7763_firmwareamd epyc 7763 firmwareltmilanpi-sp3_1.0.0.4

CPE	Name	Operator	Version
amd:epyc_7763_firmware	amd epyc 7763 firmware	lt	milanpi-sp3_1.0.0.4

CNA Affected

[
  {
    "product": "3rd Gen AMD EPYC™",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "MilanPI-SP3_1.0.0.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVE-2021-46771

prion1 cvelist1 nvd1 amd1