CVE-2021-46766

CWE-4593 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 90.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
31
AMD Epyc 9124 FirmwareAMD Epyc 9174f FirmwareAMD Epyc 9184x Firmware+28 more
Timeline
PublishedNov 14

Description

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages31 packages

NVDamd/epyc_9124_firmware< genoapi_1.0.0.4
NVDamd/epyc_9224_firmware< genoapi_1.0.0.4
NVDamd/epyc_9254_firmware< genoapi_1.0.0.4
NVDamd/epyc_9334_firmware< genoapi_1.0.0.4
NVDamd/epyc_9354_firmware< genoapi_1.0.0.4

🔴Vulnerability Details

2
GHSA
GHSA-34xr-h92c-2m86: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a2023-11-14
CVEList
CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a2023-11-14
CVE-2021-46766 (MEDIUM CVSS 5.5) | Improper clearing of sensitive data | cvebase.io