Tampering with SPI ROM Structure Headers Could Lead to Memory Corruption or Denial of Service
CVE-2021-46772

3.9LOW

Key Information:

Vendor

Amd
Status
Amd Epyc™ 7002 Series Processors
Amd Epyc™ 7003 Series Processors
Amd Ryzen™ 3000 Series Desktop Processors
Amd Ryzen™ 5000 Series Desktop Processors
Vendor
CVE Published:
13 August 2024

What is CVE-2021-46772?

An input validation flaw within AMD BIOS and UEFI firmware enables a privileged attacker with access to the BIOS menu or UEFI shell to manipulate structure headers in SPI ROM. This manipulation may lead to out-of-bounds memory read and write operations, resulting in potential memory corruption or denial of service. The vulnerability emphasizes the importance of securing access to BIOS settings and implementing stringent input validation measures to mitigate risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

References

https://www.amd.com/en/resources/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.