CVE-2021-46754

EPSS 0.6%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

09 May 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.

Affected products

AMD · AMD Ryzen™ Embedded R1000 AMD · AMD Ryzen™ Embedded R2000 AMD · AMD Ryzen™ Embedded V1000 AMD · AMD Ryzen™ Embedded V2000 AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD · Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 AMD · Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 AMD · Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”AMD · Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”AMD · Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 AMD · Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”AMD · Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001