CVE-2021-46758
6.1MEDIUM
Key Information
- Vendor
- Amd
- Status
- Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”
- Ryzen™ 7000 Series Desktop Processors “raphael” Xd3
- Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “renoir” Fp6
- Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “lucienne”
- Vendor
- CVE Published:
- 14 November 2023
Summary
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
Affected Version(s)
Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” = various
Ryzen™ 7000 Series Desktop Processors “Raphael” XD3 = various
Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 = various
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database