CVE-2021-46760

EPSS 0.23%
Veröffentlicht 09.05.2023 20:15:12
Zuletzt bearbeitet 27.01.2025 18:15:29
Quelle psirt@amd.com
Teams Watchlist Login
Unerledigt Login

A malicious or compromised UApp or ABL can send
a malformed system call to the bootloader, which may result in an out-of-bounds
memory access that may potentially lead to an attacker leaking sensitive
information or achieving code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Amd ≫ Ryzen 3945wx Firmware Versioncastlepeakwspi-swrx8_1.0.0.9

Amd ≫ Ryzen 3945wx Version-

Amd ≫ Ryzen 3955wx Firmware Versioncastlepeakwspi-swrx8_1.0.0.9

Amd ≫ Ryzen 3955wx Version-

Amd ≫ Ryzen 3960x Firmware Versioncastlepeakwspi-swrx8_1.0.0.9

Amd ≫ Ryzen 3960x Version-

Amd ≫ Ryzen 3970x Firmware Versioncastlepeakwspi-swrx8_1.0.0.9

Amd ≫ Ryzen 3970x Version-

Amd ≫ Ryzen 3975wx Firmware Versioncastlepeakwspi-swrx8_1.0.0.9

Amd ≫ Ryzen 3975wx Version-

Amd ≫ Ryzen 3990x Firmware Versioncastlepeakwspi-swrx8_1.0.0.9

Amd ≫ Ryzen 3990x Version-

Amd ≫ Ryzen 3995wx Firmware Versioncastlepeakwspi-swrx8_1.0.0.9

Amd ≫ Ryzen 3995wx Version-

Amd ≫ Ryzen 3945wx Firmware Versionchagallwspi-swrx8_1.0.0.2

Amd ≫ Ryzen 3945wx Version-

Amd ≫ Ryzen 3955wx Firmware Versionchagallwspi-swrx8_1.0.0.2

Amd ≫ Ryzen 3955wx Version-

Amd ≫ Ryzen 3960x Firmware Versionchagallwspi-swrx8_1.0.0.2

Amd ≫ Ryzen 3960x Version-

Amd ≫ Ryzen 3970x Firmware Versionchagallwspi-swrx8_1.0.0.2

Amd ≫ Ryzen 3970x Version-

Amd ≫ Ryzen 3975wx Firmware Versionchagallwspi-swrx8_1.0.0.2

Amd ≫ Ryzen 3975wx Version-

Amd ≫ Ryzen 3990x Firmware Versionchagallwspi-swrx8_1.0.0.2

Amd ≫ Ryzen 3990x Version-

Amd ≫ Ryzen 3995wx Firmware Versionchagallwspi-swrx8_1.0.0.2

Amd ≫ Ryzen 3995wx Version-

Amd ≫ Ryzen 3945wx Firmware Versioncastlepeakpi-sp3r3_1.0.0.7

Amd ≫ Ryzen 3945wx Version-

Amd ≫ Ryzen 3955wx Firmware Versioncastlepeakpi-sp3r3_1.0.0.7

Amd ≫ Ryzen 3955wx Version-

Amd ≫ Ryzen 3960x Firmware Versioncastlepeakpi-sp3r3_1.0.0.7

Amd ≫ Ryzen 3960x Version-

Amd ≫ Ryzen 3970x Firmware Versioncastlepeakpi-sp3r3_1.0.0.7

Amd ≫ Ryzen 3970x Version-

Amd ≫ Ryzen 3975wx Firmware Versioncastlepeakpi-sp3r3_1.0.0.7

Amd ≫ Ryzen 3975wx Version-

Amd ≫ Ryzen 3990x Firmware Versioncastlepeakpi-sp3r3_1.0.0.7

Amd ≫ Ryzen 3990x Version-

Amd ≫ Ryzen 3995wx Firmware Versioncastlepeakpi-sp3r3_1.0.0.7

Amd ≫ Ryzen 3995wx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.426

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-46760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-46760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-46760

EUVD