Potential Memory Buffer Vulnerability in ASP Secure OS Could Lead to Privilege Escalation
CVE-2021-46757

7.8HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ Embedded 5000; Amd Ryzen™ Embedded V2000
Vendor: CVE Published:; 13 February 2024

Summary

A buffer overflow vulnerability exists in AMD's ASP Secure OS due to insufficient checks on memory buffers. This flaw could allow an attacker exploiting a malicious Trusted Application (TA) to read or write to sensitive areas of the kernel's virtual address space. If successfully exploited, this vulnerability could lead to privilege escalation, thereby permitting unauthorized access to critical system functionalities. Organizations utilizing AMD ASP Secure OS should assess and reinforce their security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

AMD Ryzen™ Embedded 5000 various

AMD Ryzen™ Embedded V2000 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Mar 31, 2022

Collectors

NVD DatabaseMitre Database