CVE-2021-46764

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 63.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 2ND GEN AMD Epyc™AMD 3RD GEN AMD Epyc™AMD Epyc 7232p Firmware +47 more

Timeline

PublishedMay 9

Description

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages50 packages

▶CVEListV5amd/2nd_gen_amd_epyc™various

▶CVEListV5amd/3rd_gen_amd_epyc™various

▶NVDamd/epyc_7252_firmwareromepi_1.0.0.e

▶NVDamd/epyc_7262_firmwareromepi_1.0.0.e

▶NVDamd/epyc_7272_firmwareromepi_1.0.0.e

🔴Vulnerability Details

GHSA

GHSA-975m-88pr-xfj6: Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a d↗2023-05-09

▶

CVEList

CVE-2021-46764: Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a d↗2023-05-09

▶