CVE-2021-46766

EPSS 0.02%
Published 14.11.2023 19:15:10
Last modified 21.11.2024 06:34:40
Source psirt@amd.com
Teams watchlist Login
Open Login

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Amd ≫ Epyc 9654p Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9654p Version-

Amd ≫ Epyc 9654 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9654 Version-

Amd ≫ Epyc 9634 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9634 Version-

Amd ≫ Epyc 9554p Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9554p Version-

Amd ≫ Epyc 9554 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9554 Version-

Amd ≫ Epyc 9534 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9534 Version-

Amd ≫ Epyc 9474f Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9474f Version-

Amd ≫ Epyc 9454p Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9454p Version-

Amd ≫ Epyc 9454 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9454 Version-

Amd ≫ Epyc 9374f Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9374f Version-

Amd ≫ Epyc 9354p Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9354p Version-

Amd ≫ Epyc 9354 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9354 Version-

Amd ≫ Epyc 9334 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9334 Version-

Amd ≫ Epyc 9274f Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9274f Version-

Amd ≫ Epyc 9254 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9254 Version-

Amd ≫ Epyc 9224 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9224 Version-

Amd ≫ Epyc 9174f Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9174f Version-

Amd ≫ Epyc 9124 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9124 Version-

Amd ≫ Epyc 9684x Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9684x Version-

Amd ≫ Epyc 9384x Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9384x Version-

Amd ≫ Epyc 9184x Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9184x Version-

Amd ≫ Epyc 9754 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9754 Version-

Amd ≫ Epyc 9754s Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9754s Version-

Amd ≫ Epyc 9734 Firmware Version < genoapi_1.0.0.4

Amd ≫ Epyc 9734 Version-

Amd ≫ Ryzen Threadripper Pro 3995wx Firmware Version < chagallwspi-swrx8_1.0.0.5

Amd ≫ Ryzen Threadripper Pro 3995wx Version-

Amd ≫ Ryzen Threadripper Pro 3975wx Firmware Version < chagallwspi-swrx8_1.0.0.5

Amd ≫ Ryzen Threadripper Pro 3975wx Version-

Amd ≫ Ryzen Threadripper Pro 3955wx Firmware Version < chagallwspi-swrx8_1.0.0.5

Amd ≫ Ryzen Threadripper Pro 3955wx Version-

Amd ≫ Ryzen Threadripper Pro 3945wx Firmware Version < chagallwspi-swrx8_1.0.0.5

Amd ≫ Ryzen Threadripper Pro 3945wx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@amd.com	2.5	0.8	1.4	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-46766

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-46766

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-46766

EUVD