CVE-2021-46765

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 63.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
49
AMD Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “renoir”AMD Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne” AM4AMD Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”+46 more
Timeline
PublishedMay 9

Description

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages49 packages

NVDamd/ryzen_3100_firmwarecomboam4v2_pi_1.2.0.8, renoirpi-fp6_1.0.0.9+1
NVDamd/ryzen_3500_firmwarecomboam4v2_pi_1.2.0.8, renoirpi-fp6_1.0.0.9+1
NVDamd/ryzen_3600_firmwarecomboam4v2_pi_1.2.0.8, renoirpi-fp6_1.0.0.9+1
NVDamd/ryzen_3900_firmwarecomboam4v2_pi_1.2.0.8, renoirpi-fp6_1.0.0.9+1
NVDamd/ryzen_5500_firmwarecezannepi-fp6_1.0.0.b, comboam4v2_pi_1.2.0.8+1

🔴Vulnerability Details

2
GHSA
GHSA-vfqw-535x-mpvj: Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially lea2023-05-09
CVEList
CVE-2021-46765: Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially lea2023-05-09