Insufficient Input Validation in AMD Secure Processor Bootloader
CVE-2021-46754

9.1CRITICAL

Key Information:

Vendor: Amd
Status: Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4; Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne” Am4; Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Ulp; Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “pollock”
Vendor: CVE Published:; 9 May 2023

Summary

Insufficient input validation in the AMD Secure Processor bootloader may allow unauthorized access to sensitive information. An attacker with control over a compromised Uapp or ABL could exploit this vulnerability to manipulate the bootloader's operations, potentially leading to a breach of confidentiality and integrity by exposing critical data to the System Management Unit (SMU). Addressing this flaw is essential to safeguard sensitive information and maintain system security.

Affected Version(s)

AMD Ryzen™ Embedded R1000 various

AMD Ryzen™ Embedded R2000 various

AMD Ryzen™ Embedded V1000 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2022

Collectors

NVD DatabaseMitre Database