CVE-2021-46766

2.5LOW

Key Information:

Vendor
Amd
Status
Ryzen™ Threadripper™ Pro 3000wx Series Processors “chagall” Ws
4th Gen Amd Epyc™ Processors
Amd Epyc™ Embedded 9003
Vendor
CVE Published:
14 November 2023

Summary

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Affected Version(s)

4th Gen AMD EPYC™ Processors x86 various

AMD EPYC™ Embedded 9003 various

Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.