Insufficient Input Validation in SMU of AMD Processors
CVE-2021-46762

3.9LOW

Key Information:

Vendor: Amd
Status: 2nd Gen Amd Epyc™; 3rd Gen Amd Epyc™; Amd Epyc™ Embedded 7002; Amd Epyc™ Embedded 7003
Vendor: CVE Published:; 9 May 2023

Summary

The vulnerability arises from inadequate input validation within the System Management Unit (SMU) of AMD processors. This flaw allows for the possibility of an attacker manipulating the SRAM of the SMU, which can lead to potential issues such as corruption of system memory, loss of data integrity, or even triggering denial of service scenarios. It is crucial for users of affected AMD processors to be aware of this vulnerability and implement recommendations from vendor advisories to mitigate associated risks.

Affected Version(s)

2nd Gen AMD EPYC™ x86 various

3rd Gen AMD EPYC™ x86 various

AMD EPYC™ Embedded 7002 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Mar 31, 2022