Lucene search

[email protected]NVD:CVE-2021-46766

HistoryNov 14, 2023 - 7:15 p.m.

CVE-2021-46766

2023-11-1419:15:10

CWE-459

[email protected]

web.nvd.nist.gov

asp bootloader

sensitive data

secret keys

privileged attacker

asp sram

loss of confidentiality

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Affected configurations

NVD

Node

amdepyc_9654p_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9654pMatch-

Node

amdepyc_9654_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9654Match-

Node

amdepyc_9634_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9634Match-

Node

amdepyc_9554p_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9554pMatch-

Node

amdepyc_9554_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9554Match-

Node

amdepyc_9534_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9534Match-

Node

amdepyc_9474f_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9474fMatch-

Node

amdepyc_9454p_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9454pMatch-

Node

amdepyc_9454_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9454Match-

Node

amdepyc_9374f_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9374fMatch-

Node

amdepyc_9354p_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9354pMatch-

Node

amdepyc_9354_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9354Match-

Node

amdepyc_9334_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9334Match-

Node

amdepyc_9274f_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9274fMatch-

Node

amdepyc_9254_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9254Match-

Node

amdepyc_9224_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9224Match-

Node

amdepyc_9174f_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9174fMatch-

Node

amdepyc_9124_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9124Match-

Node

amdepyc_9684x_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9684xMatch-

Node

amdepyc_9384x_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9384xMatch-

Node

amdepyc_9184x_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9184xMatch-

Node

amdepyc_9754_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9754Match-

Node

amdepyc_9754s_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9754sMatch-

Node

amdepyc_9734_firmwareRange<genoapi_1.0.0.4

AND

amdepyc_9734Match-

Node

amdryzen_threadripper_pro_3995wx_firmwareRange<chagallwspi-swrx8_1.0.0.5

AND

amdryzen_threadripper_pro_3995wxMatch-

Node

amdryzen_threadripper_pro_3975wx_firmwareRange<chagallwspi-swrx8_1.0.0.5

AND

amdryzen_threadripper_pro_3975wxMatch-

Node

amdryzen_threadripper_pro_3955wx_firmwareRange<chagallwspi-swrx8_1.0.0.5

AND

amdryzen_threadripper_pro_3955wxMatch-

Node

amdryzen_threadripper_pro_3945wx_firmwareRange<chagallwspi-swrx8_1.0.0.5

AND

amdryzen_threadripper_pro_3945wxMatch-

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for NVD:CVE-2021-46766

prion1 cve1 cvelist1 openvas3 amd3 nessus2