CVE-2021-46766 - OpenCVE

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd	Epyc 9124 Epyc 9124 Firmware Epyc 9174f Epyc 9174f Firmware Epyc 9184x Epyc 9184x Firmware Epyc 9224 Epyc 9224 Firmware Epyc 9254 Epyc 9254 Firmware Epyc 9274f Epyc 9274f Firmware Epyc 9334 Epyc 9334 Firmware Epyc 9354 Epyc 9354 Firmware Epyc 9354p Epyc 9354p Firmware Epyc 9374f Epyc 9374f Firmware Epyc 9384x Epyc 9384x Firmware Epyc 9454 Epyc 9454 Firmware Epyc 9454p Epyc 9454p Firmware Epyc 9474f Epyc 9474f Firmware Epyc 9534 Epyc 9534 Firmware Epyc 9554 Epyc 9554 Firmware Epyc 9554p Epyc 9554p Firmware Epyc 9634 Epyc 9634 Firmware Epyc 9654 Epyc 9654 Firmware Epyc 9654p Epyc 9654p Firmware Epyc 9684x Epyc 9684x Firmware Epyc 9734 Epyc 9734 Firmware Epyc 9754 Epyc 9754 Firmware Epyc 9754s Epyc 9754s Firmware Ryzen Threadripper Pro 3945wx Ryzen Threadripper Pro 3945wx Firmware Ryzen Threadripper Pro 3955wx Ryzen Threadripper Pro 3955wx Firmware Ryzen Threadripper Pro 3975wx Ryzen Threadripper Pro 3975wx Firmware Ryzen Threadripper Pro 3995wx Ryzen Threadripper Pro 3995wx Firmware

Configuration 1 [-]

AND

cpe:2.3:o:amd:epyc_9654p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9654p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:epyc_9654_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9654:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:epyc_9634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9634:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:epyc_9554p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9554p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:epyc_9554_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9554:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:epyc_9534_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9534:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:epyc_9474f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9474f:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:epyc_9454p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9454p:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:epyc_9454_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9454:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:epyc_9374f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9374f:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:epyc_9354p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9354p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:epyc_9354_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9354:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:epyc_9334_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9334:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:epyc_9274f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9274f:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:epyc_9254_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9254:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:epyc_9224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9224:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:epyc_9174f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9174f:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:epyc_9124_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9124:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:epyc_9684x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9684x:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:epyc_9384x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9384x:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:epyc_9184x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9184x:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:epyc_9754_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9754:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:epyc_9754s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9754s:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:epyc_9734_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9734:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3995wx:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3975wx:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3955wx:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3945wx:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-11-14T18:51:58.036Z

Updated: 2024-08-04T05:17:42.287Z

Reserved: 2022-03-31T16:50:27.871Z

Link: CVE-2021-46766

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-14T19:15:10.360

Modified: 2024-06-18T19:15:55.900

Link: CVE-2021-46766

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object