Description
Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.
Published: 2026-06-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from insufficient granularity of access control within the AMD Secure Processor (ASP). An untrusted user‑space application can map sensitive System Management Network apertures, creating a path for elevating privileges. This weakness aligns with CWE‑1220 and grants an attacker the ability to access critical system resources that should be protected by hardware isolation.

Affected Systems

Affected hardware includes a wide range of AMD processors and GPUs such as the Athlon 3000 Series Desktop and Mobile CPUs, Ryzen 3000/4000/5000/7030 Series Desktop and Mobile CPUs, Ryzen Embedded 5000/ R1000/ R2000/ V1000/ V2000/ V3000 series, Ryzen Threadripper Pro 3000 WX and 5000 WX, and Radeon PRO and RX 5000/6000/7000 Series graphics products. Each of these devices hosts the AMD Secure Processor that can be exploited when the access controls are not granular enough.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity for privilege escalation. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a local attack, where an adversary runs a malicious user‑space program capable of mapping protected SMN apertures. This local privilege escalation could compromise system integrity and confidentiality if the attacker gains sufficient control over the secure processor.

Generated by OpenCVE AI on June 1, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware and driver updates published by AMD as described in the official bulletins
  • Limit the execution of untrusted or unsigned user‑space applications, using operating‑system or platform security controls to enforce least privilege
  • If a patch is not yet available, consider disabling or isolating the AMD Secure Processor’s SMN interface until the update can be applied

Generated by OpenCVE AI on June 1, 2026 at 21:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd athlon 3000 Series Mobile Processors With Radeon Graphics
Amd radeon Pro V520
Amd radeon Pro V620
Amd radeon Pro W5000 Series
Amd radeon Pro W6000 Series
Amd radeon Pro W7000 Series
Amd radeon Rx 5000 Series
Amd radeon Rx 6000 Series
Amd radeon Rx 7000 Series
Amd ryzen 3000 Series Desktop Processors
Amd ryzen 3000 Series Mobile Processors With Radeon Graphics
Amd ryzen 4000 Series Desktop Processors
Amd ryzen 4000 Series Mobile Processors With Radeon Graphics
Amd ryzen 5000 Series Desktop Processors
Amd ryzen 5000 Series Desktop Processors With Radeon Graphics
Amd ryzen 5000 Series Mobile Processors With Radeon Graphics
Amd ryzen 7030 Series Mobile Processors With Radeon Graphics
Amd ryzen Embedded 5000 Series Processors
Amd ryzen Embedded R1000 Series Processors
Amd ryzen Embedded R2000 Series Processors
Amd ryzen Embedded V1000 Series Processors
Amd ryzen Embedded V2000 Series Processors
Amd ryzen Embedded V3000 Series Processors
Amd ryzen Threadripper Pro 3000 Wx-series Processors
Amd ryzen Threadripper Pro 5000 Wx-series Processors
Vendors & Products Amd
Amd athlon 3000 Series Mobile Processors With Radeon Graphics
Amd radeon Pro V520
Amd radeon Pro V620
Amd radeon Pro W5000 Series
Amd radeon Pro W6000 Series
Amd radeon Pro W7000 Series
Amd radeon Rx 5000 Series
Amd radeon Rx 6000 Series
Amd radeon Rx 7000 Series
Amd ryzen 3000 Series Desktop Processors
Amd ryzen 3000 Series Mobile Processors With Radeon Graphics
Amd ryzen 4000 Series Desktop Processors
Amd ryzen 4000 Series Mobile Processors With Radeon Graphics
Amd ryzen 5000 Series Desktop Processors
Amd ryzen 5000 Series Desktop Processors With Radeon Graphics
Amd ryzen 5000 Series Mobile Processors With Radeon Graphics
Amd ryzen 7030 Series Mobile Processors With Radeon Graphics
Amd ryzen Embedded 5000 Series Processors
Amd ryzen Embedded R1000 Series Processors
Amd ryzen Embedded R2000 Series Processors
Amd ryzen Embedded V1000 Series Processors
Amd ryzen Embedded V2000 Series Processors
Amd ryzen Embedded V3000 Series Processors
Amd ryzen Threadripper Pro 3000 Wx-series Processors
Amd ryzen Threadripper Pro 5000 Wx-series Processors

Tue, 02 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Weak SMN Access Control in AMD Secure Processor

Mon, 01 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.
Weaknesses CWE-1220
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Amd Athlon 3000 Series Mobile Processors With Radeon Graphics Radeon Pro V520 Radeon Pro V620 Radeon Pro W5000 Series Radeon Pro W6000 Series Radeon Pro W7000 Series Radeon Rx 5000 Series Radeon Rx 6000 Series Radeon Rx 7000 Series Ryzen 3000 Series Desktop Processors Ryzen 3000 Series Mobile Processors With Radeon Graphics Ryzen 4000 Series Desktop Processors Ryzen 4000 Series Mobile Processors With Radeon Graphics Ryzen 5000 Series Desktop Processors Ryzen 5000 Series Desktop Processors With Radeon Graphics Ryzen 5000 Series Mobile Processors With Radeon Graphics Ryzen 7030 Series Mobile Processors With Radeon Graphics Ryzen Embedded 5000 Series Processors Ryzen Embedded R1000 Series Processors Ryzen Embedded R2000 Series Processors Ryzen Embedded V1000 Series Processors Ryzen Embedded V2000 Series Processors Ryzen Embedded V3000 Series Processors Ryzen Threadripper Pro 3000 Wx-series Processors Ryzen Threadripper Pro 5000 Wx-series Processors
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-06-02T13:45:20.545Z

Reserved: 2022-03-31T16:50:27.864Z

Link: CVE-2021-46747

cve-icon Vulnrichment

Updated: 2026-06-02T13:45:17.651Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-01T21:16:23.103

Modified: 2026-06-02T13:04:00.123

Link: CVE-2021-46747

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:52:46Z

Weaknesses