Insufficient Bounds Checking in AMD Secure Processor
CVE-2021-46794

7.5HIGH

Key Information:

Vendor: Amd
Status: Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4; Ryzen™ 3000 Series Desktop Processors “matisse” Am4; Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4; Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne” Am4
Vendor: CVE Published:; 9 May 2023

What is CVE-2021-46794?

Insufficient bounds checking in the AMD Secure Processor may lead to an out of bounds read during the checksum calculation for the System Management Interface mailbox. This flaw can trigger a data abort, potentially resulting in service disruptions and an inability to access critical system functionality. Organizations utilizing affected AMD products should assess their systems and apply any available mitigations to safeguard against this vulnerability.

Affected Version(s)

3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT x86 various

AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 x86 various

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
May 4, 2022

Amd

What is CVE-2021-46794?

Affected Version(s)

References

CVSS V3.1

Timeline