CVE-2021-46759

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 81.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” ULP AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “pollock”AMD Ryzen™ 2000 Series Desktop Processors “raven Ridge” AM4 +61 more

Timeline

PublishedMay 9

Description

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages64 packages

▶CVEListV5amd/ryzen™_2000_series_mobile_processors_“raven_ridge”_fp5various

▶CVEListV5amd/ryzen™_2000_series_desktop_processors_“raven_ridge”_am4various

▶CVEListV5amd/ryzen™_3000_series_mobile_processors_with_radeon™_graphics_“renoir”various

▶CVEListV5amd/ryzen™_5000_series_mobile_processors_with_radeon™_graphics_“cezanne”various

▶CVEListV5amd/athlon™_3000_series_mobile_processors_with_radeon™_graphics_“pollock”various

🔴Vulnerability Details

CVEList

CVE-2021-46759: Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that run↗2023-05-09

▶

GHSA

GHSA-gp8r-64c4-ggqw: Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that run↗2023-05-09

▶

External resources

NVD MITRE

Affected products64

AMD Athlon Gold 3150g Firmwarevpicassopi-fp5_1.0.0.evpollockpi-ft5_1.0.0.4

AMD Athlon Gold 3150ge Firmwarevpicassopi-fp5_1.0.0.evpollockpi-ft5_1.0.0.4

AMD Athlon Silver 3050ge Firmwarevpicassopi-fp5_1.0.0.evpollockpi-ft5_1.0.0.4

AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” ULPvvarious

AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “pollock”vvarious

AMD Ryzen 1200 \(af\) Firmwarevcomboam4pi_1.0.0.9vcomboam4v2_pi_1.2.0.8vpinnaclepi-am4_1.0.0.d+1 more

AMD Ryzen 1600 \(af\) Firmwarevcomboam4pi_1.0.0.9vcomboam4v2_pi_1.2.0.8vpinnaclepi-am4_1.0.0.d+1 more

AMD Ryzen 2200g Firmwarevcomboam4pi_1.0.0.9vcomboam4v2_pi_1.2.0.8vpinnaclepi-am4_1.0.0.d+1 more

AMD Ryzen 2200ge Firmwarevcomboam4pi_1.0.0.9vcomboam4v2_pi_1.2.0.8vpinnaclepi-am4_1.0.0.d+1 more

AMD Ryzen 2300x Firmwarevcomboam4pi_1.0.0.9vcomboam4v2_pi_1.2.0.8vpinnaclepi-am4_1.0.0.d+1 more

Disclosure

PublishedMay 9, 2023