CVE-2021-46795

CWE-3674 documents4 sources

Severity

4.7MEDIUM

EPSS

0.0%

top 87.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Cezannepi-fp6 Firmware AMD Comboam4v2 PI Firmware AMD Renoirpi-fp6 Firmware +2 more

Timeline

PublishedJan 11

Description

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages5 packages

▶NVDamd/renoirpi-fp6_firmware< 1.0.0.7

▶NVDamd/cezannepi-fp6_firmware< 1.0.0.6

▶NVDamd/comboam4v2_pi_firmware< 1.2.0.5

▶CVEListV5amd/ryzen_3000_seriesvarious

▶CVEListV5amd/ryzen_5000_seriesvarious

🔴Vulnerability Details

GHSA

GHSA-wfj9-288h-5mpm: A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bo↗2023-01-11

▶

CVEList

CVE-2021-46795: A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bo↗2023-01-10

▶

📋Vendor Advisories

Red Hat

hw: amd: TOCTOU (time-of-check to time-of-use) vulnerability cause memory out of bound results in a denial of service↗2023-01-10

▶