Potential Security Vulnerability in TEE Could Lead to Denial of Service
CVE-2021-46746
5.2MEDIUM
Key Information
- Vendor
- Amd
- Status
- Amd Epyc™ 7001 Processors
- Amd Epyc™ 7002 Processors
- Amd Epyc™ 7003 Processors
- Amd Epyc™ 9004 Processors
- Vendor
- CVE Published:
- 13 August 2024
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
Affected Version(s)
AMD EPYC™ 7001 Processors <= various
AMD EPYC™ 7002 Processors <= various
AMD EPYC™ 7003 Processors <= various
CVSS V3.1
Score:
5.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database