VDB

CISA-2021-46772

CISA-2021-46772 PUBLISHED CVSS 3.9 LOW

Reported by AMD · Published August 13, 2024

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

Risk Scores

CVSS 3.1
3.9
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Affected Products

VendorProductVersions
AMDAMD EPYC™ 7002 Series ProcessorsRomePI 1.0.0.E
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.9
AMDAMD Ryzen™ 3000 Series Desktop Processorsvarious
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4V2 1.2.0.A
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsComboAM4V2 1.2.0.A
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphicsvarious
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvarious
AMDAMD Ryzen™ Threadripper™ 3000 Series Processorsvarious
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsChagallWSPI-sWRX8 1.0.0.6
AMDAMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsChagallWSPI-sWRX8 1.0.0.6
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvarious
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvarious
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphicsvarious
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphicsvarious
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvarious
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.E
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6 1.0.0.3
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.7
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.7
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.E

…and 36 more

Timeline

  • Aug 13, 2024 CVE Published
  • Nov 5, 2024 CVE Updated

References

  • vendor-advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›