Insufficient Bounds Checking in AMD Secure Processor Affects System Management Interface
CVE-2021-46749

7.5HIGH

Key Information:

Vendor: Amd
Status: Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”; Ryzen™ 3000 Series Desktop Processors “matisse” Am4; Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4; Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne” Am4
Vendor: CVE Published:; 9 May 2023

Summary

Insufficient bounds checking in the AMD Secure Processor can lead to an out-of-bounds read during the System Management Interface mailbox checksum calculation. This vulnerability could potentially trigger data aborts, leading to interruptions in service availability. For more information, refer to the vendor advisory at AMD's official site.

Affected Version(s)

3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT x86 various

AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 x86 various

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2022

Collectors

NVD DatabaseMitre Database