CVE-2021-46758AMD Ryzen 5000 Series Desktop Processor With Radeon Graphics Cezanne vulnerability

3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 67.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
70
AMD Ryzen 3 4300u FirmwareAMD Ryzen 3 5125c FirmwareAMD Ryzen 3 5300g Firmware+67 more
Timeline
PublishedNov 14

Description

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 0.9 | Impact: 5.2

Affected Packages70 packages

🔴Vulnerability Details

2
CVEList
CVE-2021-46758: Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond2023-11-14
GHSA
GHSA-qvg6-x224-c55m: Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond2023-11-14
CVE-2021-46758 — AMD vulnerability | cvebase