Tampering with SPI ROM Structure Headers Could Lead to Memory Corruption or Denial of Service
CVE-2021-46772

3.9LOW

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7002 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Ryzen™ 3000 Series Desktop Processors; Amd Ryzen™ 5000 Series Desktop Processors
Vendor: CVE Published:; 13 August 2024

What is CVE-2021-46772?

An input validation flaw within AMD BIOS and UEFI firmware enables a privileged attacker with access to the BIOS menu or UEFI shell to manipulate structure headers in SPI ROM. This manipulation may lead to out-of-bounds memory read and write operations, resulting in potential memory corruption or denial of service. The vulnerability emphasizes the importance of securing access to BIOS settings and implementing stringent input validation measures to mitigate risk.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

References

https://www.amd.com/en/resources/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Mar 31, 2022

Amd

What is CVE-2021-46772?

Affected Version(s)

References

CVSS V3.1

Timeline