Insufficient Bounds Checking in AMD Secure Processor
CVE-2021-46748

5.5MEDIUM

Key Information:

Vendor
Amd
Status
Radeon™ Rx 5000/6000/7000 Series Graphics Cards
Radeon™ Pro W5000/w6000/w7000 Series Graphics Cards
Radeon™ Rx Vega Series Graphics Cards
Radeon™ Pro Wx Vega Series Graphics Cards
Vendor
CVE Published:
14 November 2023

Summary

The AMD Secure Processor contains a vulnerability due to insufficient bounds checking that allows attackers to potentially access memory beyond permissible limits assigned to a Trusted Application (TA). This vulnerability could lead to unexpected system behavior, including potential denial of service, as unauthorized memory access may disrupt normal operations.

Affected Version(s)

Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards x86 various

Radeon™ PRO WX Vega Series Graphics Cards x86 various

Radeon™ RX 5000/6000/7000 Series Graphics Cards x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.