Insufficient DRAM Address Validation in AMD System Management Unit
CVE-2021-46774

6.7MEDIUM

Key Information:

Vendor: Amd
Status: Ryzen™ 3000 Series Desktop Processors “matisse"; Amd Ryzen™ 5000 Series Desktop Processors “vermeer”; Amd Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt; Amd Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3
Vendor: CVE Published:; 14 November 2023

What is CVE-2021-46774?

The vulnerability in the System Management Unit (SMU) manifests as an insufficient validation of DRAM addresses. This flaw allows an attacker to read or write to invalid memory addresses, which could lead to instability and potential denial-of-service conditions. The issue is critical for systems relying on this management component, as it can compromise the security and reliability of the affected products.

Affected Version(s)

1st Gen AMD EPYC™ Processors x86 various

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Mar 31, 2022

Amd

What is CVE-2021-46774?

Affected Version(s)

References

CVSS V3.1

Timeline