TOCTOU Vulnerability in BIOS2PSP Command Affecting AMD Products
CVE-2021-46792
Key Information:
- Vendor: AMD
- Status
- Vendor
- CVE Published: 9 May 2023
Summary
The BIOS2PSP command in certain AMD products contains a time-of-check time-of-use (TOCTOU) vulnerability. An attacker with administrative access can use a malicious BIOS to create a race condition that causes the ASP bootloader to perform out-of-bounds SRAM reads during an S3 resume event. Such behavior may lead to instability or unexpected failures in device operations, resulting in a denial of service. Users are advised to follow vendor security advisories to mitigate potential risks.
Affected Version(s)
Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/“Dali” ULP x86 various
Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 x86 various
Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 x86 various