Potential Security Vulnerability in TEE Could Lead to Denial of Service
CVE-2021-46746

5.2MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7001 Processors; Amd Epyc™ 7002 Processors; Amd Epyc™ 7003 Processors; Amd Epyc™ 9004 Processors
Vendor: CVE Published:; 13 August 2024

Summary

A vulnerability exists in the ASP Secure OS Trusted Execution Environment (TEE) due to inadequate stack protection mechanisms. This flaw could be exploited by a privileged attacker who has access to AMD signing keys to manipulate the return address, leading to a stack-based buffer overrun. Such an attack may result in a denial of service, compromising the security and functionality of the affected systems. Organizations using AMD's TEE should implement necessary mitigations to protect against potential exploitation.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.E

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PollockPI-FT5 1.0.0.4

AMD EPYC™ 7001 Processors various

References

https://www.amd.com/en/resources/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Mar 31, 2022

Collectors

NVD DatabaseMitre Database