Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2021-46756

Disclosure Date: May 09, 2023 •

CVE-2021-46756 CVSS v3 Base Score: 9.1

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Insufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to
the bootloader resulting in a potential denial of service and loss of
integrity.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.1 Critical

Impact Score:

5.2

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 various

Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge” various

Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 various

AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 various

Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Various

2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” various

3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT various

Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS various

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP various

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” various

Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 various

Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” various

Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” various

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” various

Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne” various

1st Gen AMD EPYC™ Processors various

2nd Gen AMD EPYC™ Processors various

3rd Gen AMD EPYC™ Processors various

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Products

References

Canonical

CVE-2021-46756 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46756)

Miscellaneous

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

Rapid7

Unknown

CVE-2021-46756

Unknown

Unknown

None

None

Network

CVE-2021-46756

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2021-46756

Unknown

Unknown

None

None

Network

CVE-2021-46756

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification