5.2

CVE-2021-46746

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing
keys to c006Frrupt the return address, causing a
stack-based buffer overrun, potentially leading to a denial of service.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorAMD
Product AMD EPYC™ 7001 Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD EPYC™ 7002 Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD EPYC™ 7003 Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD EPYC™ 9004 Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD Ryzen™ 3000 Series Desktop Processors
Default Statusaffected
Version ComboAM4PI 1.0.0.9
Status unaffected
Version ComboAM4 V2 PI 1.2.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 5000 Series Desktop Processors
Default Statusaffected
Version ComboAM4V2 PI 1.2.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
Default Statusaffected
Version ComboAM4v2 PI 1.2.0.5
Status unaffected
VendorAMD
Product AMD Ryzen™ 7000 Series Desktop Processors
Default Statusaffected
Version ComboAM5 1.0.8.0
Status affected
VendorAMD
Product AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
Default Statusunaffected
Version ComboAM4PI 1.0.0.9
Status unaffected
Version ComboAM4v2 PI 1.2.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
Default Statusaffected
Version ComboAM4v2 PI 1.2.0.5
Status unaffected
VendorAMD
Product AMD Ryzen™ Threadripper™ 3000 Series Processors
Default Statusaffected
Version CastlePeakPI-SP3r3 1.0.0.7
Status unaffected
VendorAMD
Product AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.2
Status unaffected
Version CastlePeakWSPI-sWRX8 1.0.0.9
Status unaffected
VendorAMD
Product AMD Ryzen™ Threadripper™ PRO 5000WX Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.2
Status unaffected
VendorAMD
Product AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version PicassoPI-FP5 1.0.0.E
Status unaffected
VendorAMD
Product AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version PollockPI-FT5 1.0.0.4
Status affected
VendorAMD
Product AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
Default Statusaffected
Version PicassoPI-FP5 1.0.0.E
Status unaffected
VendorAMD
Product AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version RenoirPI-FP6 1.0.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6 1.0.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6 1.0.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
Default Statusaffected
Version MendocinoPI-FT6 1.0.0.6
Status unaffected
VendorAMD
Product AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version RembrandtPI-FP7 1.0.0.5
Status unaffected
VendorAMD
Product AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
Default Statusaffected
Version RembrandtPI-FP7 1.0.0.5
Status unaffected
VendorAMD
Product AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6 1.0.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6 1.0.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 7045 Series Mobile Processors
Default Statusaffected
Version DragonRangeFL1PI 1.0.0.3b
Status unaffected
VendorAMD
Product AMD EPYC™ Embedded 3000 Series Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD EPYC™ Embedded 7002 Series Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD EPYC™ Embedded 7003 Series Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD EPYC™ Embedded 9003 Series Processors
Default Statusaffected
Version various
Status affected
VendorAMD
Product AMD Ryzen™ Embedded R1000 Series Processors
Default Statusaffected
Version EmbeddedPI-FP5 1.2.0.A
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded R2000 Series Processors
Default Statusaffected
Version EmbeddedR2KPI-FP5 1.0.0.2
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded 5000 Series Processors
Default Statusaffected
Version EmbAM4PI 1.0.0.2
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded 7000 Series Processors
Default Statusaffected
Version EmbeddedAM5PI 1.0.0.0
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded V1000 Series Processors
Default Statusaffected
Version EmbeddedPI-FP5 1.2.0.A
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded V2000 Series Processors
Default Statusaffected
Version EmbeddedPI-FP6 1.0.0.6
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded V3000 Series Processors
Default Statusaffected
Version EmbeddedPI-FP7r2 1.0.0.2
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.035
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
psirt@amd.com 5.2 0.5 4.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.