CVE-2021-46772 — Out-of-bounds Read in AMD Athlon 3000 Series Desktop Processors With Radeon Graphics

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

3.9LOWNVD

EPSS

0.0%

top 91.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon 3000 Series Desktop Processors With Radeon Graphics AMD Athlon 3000 Series Mobile Processors With Radeon Graphics AMD Ryzen 3000 Series Desktop Processors +11 more

Timeline

PublishedAug 13

Description

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:LExploitability: 0.8 | Impact: 2.7

Affected Packages14 packages

▶CVEListV5amd/amd_ryzen_threadripper_3000_series_processorsvarious

▶CVEListV5amd/amd_ryzen_3000_series_desktop_processorsvarious

▶CVEListV5amd/amd_ryzen_embedded_5000_series_processorsvarious

▶CVEListV5amd/amd_ryzen_embedded_r1000_series_processorsvarious

▶CVEListV5amd/amd_ryzen_embedded_r2000_series_processorsvarious

🔴Vulnerability Details

CVEList

CVE-2021-46772: Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure heade↗2024-08-13

▶

GHSA

GHSA-mgjx-cq94-rwcv: Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure heade↗2024-08-13

▶