CVE-2021-46791

CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 83.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Milanpi Firmware AMD 3RD GEN Epyc

Timeline

PublishedJan 11

Description

Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDamd/milanpi_firmware< 1.0.0.3

▶CVEListV5amd/3rd_gen_epycvarious

🔴Vulnerability Details

GHSA

GHSA-669j-rxfq-2fvw: Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corru↗2023-01-11

▶

CVEList

CVE-2021-46791: Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corru↗2023-01-10

▶