Improper Data Clearing in ASP Bootloader Affects AMD Products
CVE-2021-46766

2.5LOW

Key Information:

Vendor

Amd
Status
Ryzen™ Threadripper™ Pro 3000wx Series Processors “chagall” Ws
4th Gen Amd Epyc™ Processors
Amd Epyc™ Embedded 9003
Vendor
CVE Published:
14 November 2023

What is CVE-2021-46766?

The ASP Bootloader from AMD has a vulnerability that arises from improper clearing of sensitive data. This flaw can allow a privileged attacker to access secret keys stored in the ASP SRAM, leading to potential confidentiality compromises. The issue underscores the importance of rigorous data management practices in hardware security to prevent unauthorized data access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

4th Gen AMD EPYC™ Processors x86 various

AMD EPYC™ Embedded 9003 various

Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.