Tampering with SPI ROM Structure Headers Could Lead to Memory Corruption or Denial of Service

CVE-2021-46772
3.9 LOW

Key Information

Vendor
AMD
Status
AMD EPYC™ 7002 Series Processors
AMD EPYC™ 7003 Series Processors
AMD Ryzen™ 3000 Series Desktop Processors
AMD Ryzen™ 5000 Series Desktop Processors
CVE Published: 13 August 2024

Summary

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM, causing an out-of-bounds memory read and write, potentially resulting in memory corruption or denial of service.

Affected Version(s)

AMD EPYC™ 7002 Series Processors <= RomePI 1.0.0.E

AMD EPYC™ 7003 Series Processors <= MilanPI 1.0.0.9

AMD Ryzen™ 3000 Series Desktop Processors <= various

CVSS V3.1

Score: 3.9
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database