Tampering with SPI ROM Structure Headers Could Lead to Memory Corruption or Denial of Service
CVE-2021-46772
3.9 LOW
Key Information
- Vendor: AMD
- Status
- AMD EPYC™ 7002 Series Processors
- AMD EPYC™ 7003 Series Processors
- AMD Ryzen™ 3000 Series Desktop Processors
- AMD Ryzen™ 5000 Series Desktop Processors
- Vendor
- CVE Published: 13 August 2024
Summary
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM, causing an out-of-bounds memory read and write, potentially resulting in memory corruption or denial of service.
Affected Version(s)
AMD EPYC™ 7002 Series Processors <= RomePI 1.0.0.E
AMD EPYC™ 7003 Series Processors <= MilanPI 1.0.0.9
AMD Ryzen™ 3000 Series Desktop Processors <= various
CVSS V3.1
Score: 3.9
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database