CVE-2021-46774

3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 90.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

132

AMD Epyc 7001 Firmware AMD Epyc 7203 Firmware AMD Epyc 7203p Firmware +129 more

Timeline

PublishedNov 14

Description

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:LExploitability: 0.8 | Impact: 5.3

Affected Packages132 packages

▶NVDamd/ryzen_threadripper_3960x_firmware< castlepeakpi-sp3r3_1.0.0.7

▶NVDamd/ryzen_threadripper_3970x_firmware< castlepeakpi-sp3r3_1.0.0.7

▶NVDamd/ryzen_threadripper_3990x_firmware< castlepeakpi-sp3r3_1.0.0.7

▶NVDamd/ryzen_threadripper_pro_3795wx_firmware< chagallwspi-swrx8_1.0.0.0

▶CVEListV5amd/amd_ryzen™_threadripper™_pro_processors_“castle_peak”_ws_sp3various

🔴Vulnerability Details

CVEList

CVE-2021-46774: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially↗2023-11-14

▶

GHSA

GHSA-8wpw-g939-rjw4: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially↗2023-11-14

▶