Improper Data Clearing in ASP Bootloader Affects AMD Products
CVE-2021-46766

2.5LOW

Key Information:

Vendor
Amd
Status
Ryzen™ Threadripper™ Pro 3000wx Series Processors “chagall” Ws
4th Gen Amd Epyc™ Processors
Amd Epyc™ Embedded 9003
Vendor
CVE Published:
14 November 2023

Summary

The ASP Bootloader from AMD has a vulnerability that arises from improper clearing of sensitive data. This flaw can allow a privileged attacker to access secret keys stored in the ASP SRAM, leading to potential confidentiality compromises. The issue underscores the importance of rigorous data management practices in hardware security to prevent unauthorized data access.

Affected Version(s)

4th Gen AMD EPYC™ Processors x86 various

AMD EPYC™ Embedded 9003 various

Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.