CVE-2021-46773

CWE-20Improper Input Validation3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 55.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
75
AMD 3RD GEN AMD Ryzen™ Threadripper™ Processors “castle Peak” HedtAMD AMD Ryzen™ 5000 Series Desktop Processors “vermeer” AM4AMD Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”+72 more
Timeline
PublishedMay 9

Description

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages75 packages

NVDamd/ryzen_2600_firmwarepinnaclepi-am4_1.0.0.c, raven-fp5-am4_1.1.0.e+1
NVDamd/ryzen_2700_firmwarepinnaclepi-am4_1.0.0.c, raven-fp5-am4_1.1.0.e+1
NVDamd/ryzen_3100_firmwarecomboam4pi_1.0.0.8, comboam4v2_pi_1.2.0.6, renoirpi-fp6_1.0.0.8+2
NVDamd/ryzen_3500_firmwarecomboam4pi_1.0.0.8, comboam4v2_pi_1.2.0.6, renoirpi-fp6_1.0.0.8+2
NVDamd/ryzen_3600_firmwarecomboam4pi_1.0.0.8, comboam4v2_pi_1.2.0.6, renoirpi-fp6_1.0.0.8+2

🔴Vulnerability Details

2
CVEList
CVE-2021-46773: Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code exec2023-05-09
GHSA
GHSA-fpvr-537c-jhg2: Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code exec2023-05-09