Insufficient Input Validation in AMD Secure Processor Affected by AMD Software
CVE-2021-46779

7.1HIGH

Key Information:

Vendor: Amd
Status: 1st Gen Epyc; 2nd Gen Epyc; 3rd Gen Epyc
Vendor: CVE Published:; 11 January 2023

Summary

An input validation flaw in the SVC_ECC_PRIMITIVE system call allows attackers to manipulate ASP (AMD Secure Processor) OS memory from compromised user applications or Abstraction Layer (ABL). This exploitation can lead to severe impacts on the integrity and availability of the affected systems.

Affected Version(s)

1st Gen EPYC x86 various

2nd Gen EPYC x86 various

3rd Gen EPYC x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2023
Vulnerability Reserved
Mar 31, 2022

Collectors

NVD DatabaseMitre Database