CVE-2021-46766

2.5LOW

Key Information

Vendor: Amd
Status: Ryzen™ Threadripper™ Pro 3000wx Series Processors “chagall” Ws; 4th Gen Amd Epyc™ Processors; Amd Epyc™ Embedded 9003
Vendor: CVE Published:; 14 November 2023

Summary

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Affected Version(s)

Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS = various

4th Gen AMD EPYC™ Processors = various

AMD EPYC™ Embedded 9003 = various

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: 5.5 to: 2.5 - (LOW)
Aug 4, 2024
Risk change from: 5.5 to: 2.5 - (LOW)
Jun 18, 2024
Vulnerability published.
Nov 14, 2023
Vulnerability Reserved.
Mar 31, 2022

Collectors

NVD DatabaseMitre Database