CVE-2021-46762

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.0%

top 88.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 2ND GEN AMD Epyc™AMD 3RD GEN AMD Epyc™AMD AMD Epyc™ Embedded 7002 +49 more

Timeline

PublishedMay 9

Description

Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:LExploitability: 0.8 | Impact: 2.7

Affected Packages52 packages

▶CVEListV5amd/2nd_gen_amd_epyc™various

▶CVEListV5amd/3rd_gen_amd_epyc™various

▶NVDamd/epyc_7252_firmwareromepi_1.0.0.e

▶NVDamd/epyc_7262_firmwareromepi_1.0.0.e

▶NVDamd/epyc_7272_firmwareromepi_1.0.0.e

🔴Vulnerability Details

CVEList

CVE-2021-46762: Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service↗2023-05-09

▶

GHSA

GHSA-65xx-vwx2-w8qf: Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service↗2023-05-09

▶