Out-of-Bounds Memory Access Vulnerability in AMD Bootloader
CVE-2021-46760

9.8CRITICAL

Key Information:

Vendor: Amd
Status: 3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt; Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws
Vendor: CVE Published:; 9 May 2023

Summary

A vulnerability exists in the AMD bootloader that can be exploited by malicious or compromised User Applications (UApps) or Application Bootloaders (ABL). An attacker can send a malformed system call to the bootloader, leading to out-of-bounds memory access. This breach could allow unauthorized users to leak sensitive information or potentially execute arbitrary code, posing significant risks to system integrity and data security.

Affected Version(s)

3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT x86 various

Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2022