Insufficient DRAM Address Validation in AMD System Management Unit
CVE-2021-46774

6.7MEDIUM

Key Information:

Vendor
Amd
Status
Ryzen™ 3000 Series Desktop Processors “matisse"
Amd Ryzen™ 5000 Series Desktop Processors “vermeer”
Amd Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt
Amd Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3
Vendor
CVE Published:
14 November 2023

Summary

The vulnerability in the System Management Unit (SMU) manifests as an insufficient validation of DRAM addresses. This flaw allows an attacker to read or write to invalid memory addresses, which could lead to instability and potential denial-of-service conditions. The issue is critical for systems relying on this management component, as it can compromise the security and reliability of the affected products.

Affected Version(s)

1st Gen AMD EPYC™ Processors x86 various

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.