Graphics Mailbox Attack Vectors in AMD Products
CVE-2021-46750

3LOW

Key Information:

Vendor: Amd
Status: Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics; Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 6 September 2025

What is CVE-2021-46750?

The vulnerability arises from inadequate validation of addresses and sizes in the Trusted Execution Environment (TEE). This flaw can be exploited by a malicious x86 attacker, allowing the attacker to craft and send malformed messages to the graphics mailbox. This can potentially lead to an overlap of a Trusted Memory Region (TMR) previously allocated by the ASP bootloader, which compromises the integrity of the system.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.E

AMD Radeon™ PRO V620 Graphics Products Contact your AMD Customer Engineering representative

AMD Radeon™ PRO W6000 Series Graphics Products AMD Software: PRO Edition 23.Q4 (23.30.13.03)

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
Mar 31, 2022

Amd

What is CVE-2021-46750?

Affected Version(s)

References

CVSS V3.1

Timeline