A Time-of-check to time-of-use (TOCTOU) vulnerability exists in hw. This flaw allows an attacker to use a compromised BIOS to cause the trusted execution environment (TEE) operating system to read memory out-of-bounds, potentially resulting in a denial of service.
#### Mitigation
Please contact AMD for more updates on this flaw.
{"id": "RH:CVE-2021-46795", "vendorId": null, "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2021-46795", "description": "A Time-of-check to time-of-use (TOCTOU) vulnerability exists in hw. This flaw allows an attacker to use a compromised BIOS to cause the trusted execution environment (TEE) operating system to read memory out-of-bounds, potentially resulting in a denial of service.\n#### Mitigation\n\nPlease contact AMD for more updates on this flaw. \n\n", "published": "2023-01-25T13:05:39", "modified": "2023-04-06T09:32:01", "epss": [{"cve": "CVE-2021-46795", "epss": 0.00043, "percentile": 0.07081, "modified": "2023-05-23"}], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.0, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/cve-2021-46795", "reporter": "redhat.com", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46795\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46795\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031", "https://bugzilla.redhat.com/show_bug.cgi?id=2164382"], "cvelist": ["CVE-2021-46795"], "immutableFields": [], "lastseen": "2023-05-23T17:13:17", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "amd", "idList": ["AMD-SB-1031"]}, {"type": "cve", "idList": ["CVE-2021-46795"]}, {"type": "hp", "idList": ["HPSBHF03831"]}]}, "score": {"value": 4.4, "vector": "NONE"}, "epss": [{"cve": "CVE-2021-46795", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}], "vulnersScore": 4.4}, "_state": {"dependencies": 1685089701, "score": 1684862610, "epss": 0}, "_internal": {"score_hash": "ecc0be48439d35d22329b8674dd0b438"}, "vendorCvss": {"score": "1.9", "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L"}}
{"cve": [{"lastseen": "2023-05-23T15:53:22", "description": "A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-11T08:15:00", "type": "cve", "title": "CVE-2021-46795", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-46795"], "modified": "2023-01-20T18:36:00", "cpe": [], "id": "CVE-2021-46795", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46795", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "hp": [{"lastseen": "2023-05-27T15:02:04", "description": "AMD\u00ae has informed HP of potential vulnerabilities identified in the AMD client platform firmware components which might allow arbitrary code execution and/or denial of service. AMD is releasing firmware updates to mitigate these vulnerabilities. \n\nAMD has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below. \n", "cvss3": {}, "published": "2023-01-10T00:00:00", "type": "hp", "title": "AMD Client UEFI Firmware January 2023 Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-26316", "CVE-2021-26346", "CVE-2021-46795"], "modified": "2023-03-20T00:00:00", "id": "HPSBHF03831", "href": "https://support.hp.com/us-en/document/ish_7491443-7491471-16/HPSBHF03831", "cvss": {"score": "7.9", "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/"}}], "amd": [{"lastseen": "2023-05-27T16:26:22", "description": "**Bulletin ID:** AMD-SB-1031 \n**Potential Impact:** Varies by CVE, see descriptions below \n**Severity:**Varies by CVE, see descriptions below\n\n## Summary\n\nIn collaboration with various third parties, AMD platforms were audited for potential security exposures. Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered and are being mitigated in AGESA\u2122 PI software packages associated with AMD Athlon\u2122 Processors, Ryzen\u2122 Processors and Threadripper\u2122 Processors.\n\n## CVE Details\n\nRefer to Glossary for explanation of terms\n\n**CVE**| **Severity**| **Description** \n---|---|--- \nCVE\u20112021\u201126316| High| Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. \nCVE\u20112021\u201126346| Medium| Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. \nCVE\u20112021\u201146795| Low| A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. \n \n## Mitigation\n\nThe AGESA\u2122 versions listed below have been released to the Original Equipment Manufacturers (OEM) to mitigate these issues. Please refer to your OEM for the BIOS update specific to your product.\n\n**DESKTOP**\n\n**CVE**| **AMD Ryzen\u2122 2000 series Desktop Processors \n\u201cRaven Ridge\u201d AM4**| **AMD Ryzen\u2122 2000 Series Desktop Processors \n\u201cPinnacle Ridge\u201d**| **AMD Ryzen\u2122 3000 Series Desktop Processors \n\u201cMatisse\u201d AM4**| **AMD Ryzen\u2122 5000 Series Desktop Processors \n\u201cVermeer\u201d AM4**| **AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \n\u201cCezanne\u201d AM4** \n---|---|---|---|---|--- \n**Minimum version to mitigate all listed CVEs**| **Raven-FP5-AM4 1.1.0.D \nComboAM4PI 1.0.0.8 \nComboAM4v2 PI 1.2.0.4 \nPinnaclePI-AM4 1.0.0.C**| **PinnaclePI-AM4 1.0.0.C \nComboAM4PI 1.0.0.8 \nComboAM4v2 PI 1.2.0.4**| **N/A**| **N/A**| **ComboAM4v2 PI 1.2.0.8** \nCVE\u20112021\u201126316| Raven-FP5-AM4 1.1.0.D \nComboAM4PI 1.0.0.8 \nComboAM4v2 PI 1.2.0.4 \nPinnaclePI-AM4 1.0.0.C| PinnaclePI-AM4 1.0.0.C \nComboAM4PI 1.0.0.8 \nComboAM4v2 PI 1.2.0.4| N/A| N/A| ComboAM4v2 PI 1.2.0.4 \nCVE\u20112021\u201126346| N/A| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.8 \nCVE\u20112021\u201146795| N/A| N/A| N/A| N/A| ComboAM4v2 PI 1.2.0.5 \n \n**HIGH END DESKTOP**\n\n**CVE**| **2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \n\u201cColfax\u201d**| **3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \n\u201cCastle Peak\u201d HEDT** \n---|---|--- \n**Minimum version to mitigate all listed CVEs**| **SummitPI-SP3r2 1.1.0.5**| **CastlePeakPI-SP3r3 1.0.0.6** \nCVE\u20112021\u201126316| SummitPI-SP3r2 1.1.0.5| CastlePeakPI-SP3r3 1.0.0.6 \nCVE\u20112021\u201126346| N/A| N/A \nCVE\u20112021\u201146795| N/A| N/A \n \n**WORKSTATION**\n\n**CVE**| **AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \n\u201cCastle Peak\u201d WS**| **AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \n\u201cChagall\u201d WS** \n---|---|--- \n**Minimum version to mitigate all listed CVEs**| **CastlePeakWSPI-sWRX8 1.0.0.7 \nChagallWSPI-sWRX8 0.0.9.0**| **N/A** \nCVE\u20112021\u201126316| CastlePeakWSPI-sWRX8 1.0.0.7 \nChagallWSPI-sWRX8 0.0.9.0| N/A \nCVE\u20112021\u201126346| N/A| N/A \nCVE\u20112021\u201146795| N/A| N/A \n \n**MOBILE - AMD Athlon\u2122 Series**\n\n**CVE**| **AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \n\u201cDali\u201d/\u201dDali\u201d ULP**| **AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \n\u201cPollock\u201d** \n---|---|--- \n**Minimum version to mitigate all listed CVEs**| **PicassoPI-FP5 1.0.0.D**| **PollockPI-FT5 1.0.0.3** \nCVE\u20112021\u201126316| PicassoPI-FP5 1.0.0.D| PollockPI-FT5 1.0.0.3 \nCVE\u20112021\u201126346| N/A| N/A \nCVE\u20112021\u201146795| N/A| N/A \n \n**MOBILE - AMD Ryzen\u2122 Series**\n\n**CVE**| **AMD Ryzen\u2122 2000 Series Mobile Processors \n\u201cRaven Ridge\u201d FP5**| **AMD Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \n\u201cPicasso\u201d**| **AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \n\u201cRenoir\u201d FP6**| **AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \n\u201cLucienne\u201d**| **AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \n\u201cCezanne\u201d**| **AMD Ryzen\u2122 6000 Series Mobile Processors \n\"Rembrandt\"** \n---|---|---|---|---|---|--- \n**Minimum version to mitigate all listed CVEs**| **N/A**| **PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4**| **RenoirPI-FP6 1.0.0.9 \nComboAM4v2 PI 1.2.0.8**| **CezannePI-FP6 1.0.0.B**| **CezannePI-FP6 1.0.0.B**| **N/A** \nCVE\u20112021\u201126316| N/A| PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4| RenoirPI-FP6 1.0.0.7 ComboAM4v2 PI 1.2.0.4| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A \nCVE\u20112021\u201126346| N/A| N/A| RenoirPI-FP6 1.0.0.9 \nComboAM4v2 PI 1.2.0.8| CezannePI-FP6 1.0.0.B| CezannePI-FP6 1.0.0.B| N/A \nCVE\u20112021\u201146795| N/A| N/A| RenoirPI-FP6 1.0.0.7 ComboAM4v2 PI 1.2.0.5| CezannePI-FP6 1.0.0.6| CezannePI-FP6 1.0.0.6| N/A\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-10T00:00:00", "type": "amd", "title": "AMD Client Vulnerabilities \u2013 January 2023", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26316", "CVE-2021-26346", "CVE-2021-46795"], "modified": "2023-01-10T00:00:00", "id": "AMD-SB-1031", "href": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1031.html", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}]}
CVE-2021-46795
