CVE-2021-46757: Improper Restriction of Operations within the Bounds of a Memory Buffer in AMD Ryzen Embedded 5600e Firmware

Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 74.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 13

Description

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 | Impact: 5.9

Affected Packages (12 packages)

NVD: amd/ryzen_embedded_5600e_firmware < embam4pi_1.0.0.0
NVD: amd/ryzen_embedded_5800e_firmware < embam4pi_1.0.0.0
NVD: amd/ryzen_embedded_5900e_firmware < embam4pi_1.0.0.0
NVD: amd/ryzen_embedded_5950e_firmware < embam4pi_1.0.0.0
NVD: amd/ryzen_embedded_r2312_firmware < embeddedpi-fp6_1.0.0.6

Vulnerability Details (2)
GHSA
GHSA-5fqp-6xx2-943w: Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual ad (2024-02-13)
CVEList
CVE-2021-46757: Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual ad (2024-02-13)