CVE-2021-46763

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 68.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 2ND GEN AMD Epyc™AMD 3RD GEN AMD Epyc™AMD Epyc 7232p Firmware +47 more

Timeline

PublishedMay 9

Description

Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages50 packages

▶CVEListV5amd/2nd_gen_amd_epyc™various

▶CVEListV5amd/3rd_gen_amd_epyc™various

▶NVDamd/epyc_7252_firmwareromepi_1.0.0.e

▶NVDamd/epyc_7262_firmwareromepi_1.0.0.e

▶NVDamd/epyc_7272_firmwareromepi_1.0.0.e

🔴Vulnerability Details

CVEList

CVE-2021-46763: Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially le↗2023-05-09

▶

GHSA

GHSA-4c6m-4p4p-3j5f: Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially le↗2023-05-09

▶