CVE-2021-46792: Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to…

medium5.9CVSS 3.1

AVNACHPRNUINSUCNINAH

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.

Affected

106 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	athlon_3000_series_mobile_processors_with_radeon_graphics_dali_dali_ulp	—	—
amd	athlon_gold_3150g_firmware	—	—
amd	athlon_gold_3150ge_firmware	—	—
amd	athlon_silver_3050ge_firmware	—	—
amd	ryzen_1200_firmware	—	—
amd	ryzen_1200_firmware	—	—
amd	ryzen_1600_firmware	—	—
amd	ryzen_1600_firmware	—	—
amd	ryzen_2000_series_desktop_processors_raven_ridge_am4	—	—
amd	ryzen_2000_series_mobile_processors_raven_ridge_fp5	—	—
amd	ryzen_2200g_firmware	—	—
amd	ryzen_2200g_firmware	—	—
amd	ryzen_2200ge_firmware	—	—
amd	ryzen_2200ge_firmware	—	—
amd	ryzen_2300x_firmware	—	—
amd	ryzen_2300x_firmware	—	—
amd	ryzen_2400g_firmware	—	—
amd	ryzen_2400g_firmware	—	—
amd	ryzen_2400ge_firmware	—	—
amd	ryzen_2400ge_firmware	—	—
amd	ryzen_2500x_firmware	—	—
amd	ryzen_2500x_firmware	—	—
amd	ryzen_2600_firmware	—	—
amd	ryzen_2600_firmware	—	—
amd	ryzen_2600e_firmware	—	—