Lucene search

[email protected]CVE-2021-46792

HistoryMay 09, 2023 - 8:15 p.m.

CVE-2021-46792

2023-05-0920:15:00

CWE-367

[email protected]

web.nvd.nist.gov

cve-2021-46792

time-of-check time-of-use

toctou

bios2psp

denial of service

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.7%

JSON

Time-of-check Time-of-use (TOCTOU) in the
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race
condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon
an S3 resume event potentially leading to a denial of service.

CPENameOperatorVersion
amd:ryzen_5300g_firmwareamd ryzen 5300g firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5300ge_firmwareamd ryzen 5300ge firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5500_firmwareamd ryzen 5500 firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600_firmwareamd ryzen 5600 firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600g_firmwareamd ryzen 5600g firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600ge_firmwareamd ryzen 5600ge firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5600x_firmwareamd ryzen 5600x firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5700g_firmwareamd ryzen 5700g firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5700ge_firmwareamd ryzen 5700ge firmwareeqcezannepi-fp6_1.0.0.6
amd:ryzen_5700x_firmwareamd ryzen 5700x firmwareeqcezannepi-fp6_1.0.0.6

CPE	Name	Operator	Version
amd:ryzen_5300g_firmware	amd ryzen 5300g firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5300ge_firmware	amd ryzen 5300ge firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5500_firmware	amd ryzen 5500 firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600_firmware	amd ryzen 5600 firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600g_firmware	amd ryzen 5600g firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600ge_firmware	amd ryzen 5600ge firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5600x_firmware	amd ryzen 5600x firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5700g_firmware	amd ryzen 5700g firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5700ge_firmware	amd ryzen 5700ge firmware	eq	cezannepi-fp6_1.0.0.6
amd:ryzen_5700x_firmware	amd ryzen 5700x firmware	eq	cezannepi-fp6_1.0.0.6

Rows per page:

1-10 of 991

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for CVE-2021-46792

prion1 cvelist1 amd1 hp1