Out-of-Bounds Memory Access Vulnerability in AMD Bootloader
CVE-2021-46760

9.8CRITICAL

Key Information:

Vendor: Amd
Status: 3rd Gen Amd Ryzen™ Threadripper™ Processors “castle Peak” Hedt; Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws
Vendor: CVE Published:; 9 May 2023

What is CVE-2021-46760?

A vulnerability exists in the AMD bootloader that can be exploited by malicious or compromised User Applications (UApps) or Application Bootloaders (ABL). An attacker can send a malformed system call to the bootloader, leading to out-of-bounds memory access. This breach could allow unauthorized users to leak sensitive information or potentially execute arbitrary code, posing significant risks to system integrity and data security.

Affected Version(s)

3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT x86 various

Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2022

Amd

What is CVE-2021-46760?

Affected Version(s)

References

CVSS V3.1

Timeline