CVE-2021-46756

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.2%

top 63.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 1ST GEN AMD Epyc™ Processors AMD 2ND GEN AMD Epyc™ Processors AMD 2ND GEN AMD Ryzen™ Threadripper™ Processors “colfax”+77 more

Timeline

PublishedMay 9

Description

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages80 packages

▶CVEListV5amd/1st_gen_amd_epyc™_processorsvarious

▶CVEListV5amd/2nd_gen_amd_epyc™_processorsvarious

▶CVEListV5amd/3rd_gen_amd_epyc™_processorsvarious

▶CVEListV5amd/ryzen™_3000_series_desktop_processors_“matisse”_am4various

▶CVEListV5amd/2nd_gen_amd_ryzen™_threadripper™_processors_“colfax”various

🔴Vulnerability Details

GHSA

GHSA-p57x-q6x3-v235: Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or AB↗2023-05-09

▶

CVEList

CVE-2021-46756: Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or AB↗2023-05-09

▶