A time-of-check to time-of-use (TOCTOU) vulnerability exists in the hardware component (hw). This flaw allows an attacker who controls a compromised BIOS to cause the trusted execution environment (TEE) operating system to read memory out of bounds, potentially resulting in a denial of service.
#### Mitigation
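Please contact AMD for updates on this flaw. The related HP bulletin HPSBHF03831, which lists this CVE, states that AMD has released firmware updates to mitigate it; consult AMD-SB-1031 and your system vendor's advisory for the firmware version that applies to your platform.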
{"id": "RH:CVE-2021-46795", "vendorId": null, "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2021-46795", "description": "A Time-of-check to time-of-use (TOCTOU) vulnerability exists in hw. This flaw allows an attacker to use a compromised BIOS to cause the trusted execution environment (TEE) operating system to read memory out-of-bounds, potentially resulting in a denial of service.\n#### Mitigation\n\nPlease contact AMD for more updates on this flaw. \n\n", "published": "2023-01-25T13:05:39", "modified": "2023-03-08T01:25:42", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.0, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/cve-2021-46795", "reporter": "redhat.com", "references": ["https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031", "https://bugzilla.redhat.com/show_bug.cgi?id=2164382"], "cvelist": ["CVE-2021-46795"], "immutableFields": [], "lastseen": "2023-03-08T02:10:29", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "amd", "idList": ["AMD-SB-1031"]}, {"type": "cve", "idList": ["CVE-2021-46795"]}, {"type": "hp", "idList": ["HPSBHF03831"]}]}, "score": {"value": 4.4, "vector": "NONE"}, "epss": [{"cve": "CVE-2021-46795", "epss": "0.000430000", "percentile": "0.069220000", "modified": "2023-03-20"}], "vulnersScore": 4.4}, "_state": {"dependencies": 1678241592, "score": 1678241515, "epss": 1679355295}, "_internal": {"score_hash": "ecc0be48439d35d22329b8674dd0b438"}, "vendorCvss": {"score": "1.9", "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L"}}
{"cve": [{"lastseen": "2023-02-09T14:38:08", "description": "A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-11T08:15:00", "type": "cve", "title": "CVE-2021-46795", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-46795"], "modified": "2023-01-20T18:36:00", "cpe": [], "id": "CVE-2021-46795", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46795", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "hp": [{"lastseen": "2023-03-20T22:27:36", "description": "AMD\u00ae has informed HP of potential vulnerabilities identified in the AMD client platform firmware components which might allow arbitrary code execution and/or denial of service. AMD is releasing firmware updates to mitigate these vulnerabilities. \n\nAMD has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below. 
\n", "cvss3": {}, "published": "2023-01-10T00:00:00", "type": "hp", "title": "AMD Client UEFI Firmware January 2023 Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-26316", "CVE-2021-26346", "CVE-2021-46795"], "modified": "2023-03-20T00:00:00", "id": "HPSBHF03831", "href": "https://support.hp.com/us-en/document/ish_7491443-7491471-16/HPSBHF03831", "cvss": {"score": "7.9", "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/"}}]}