Lucene search

PRIOn knowledge basePRION:CVE-2021-46795

HistoryJan 11, 2023 - 8:15 a.m.

Out-of-bounds

2023-01-1108:15:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

4.8 Medium

AI Score

Confidence

High

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

7.2%

JSON

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

CPENameOperatorVersion
cezannepi-fp6_firmwarelt1.0.0.6
comboam4v2_pi_firmwarelt1.2.0.5
renoirpi-fp6_firmwarelt1.0.0.7

Name	Operator	Version
cezannepi-fp6_firmware	lt	1.0.0.6
comboam4v2_pi_firmware	lt	1.2.0.5
renoirpi-fp6_firmware	lt	1.0.0.7

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

4.8 Medium

AI Score

Confidence

High

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

7.2%

JSON

Related for PRION:CVE-2021-46795