CVE-2021-46766 - Vulnerability Details

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd Subscribe	Epyc 9124 Subscribe Epyc 9124 Firmware Subscribe Epyc 9174f Subscribe Epyc 9174f Firmware Subscribe Epyc 9184x Subscribe Epyc 9184x Firmware Subscribe Epyc 9224 Subscribe Epyc 9224 Firmware Subscribe Epyc 9254 Subscribe Epyc 9254 Firmware Subscribe Epyc 9274f Subscribe Epyc 9274f Firmware Subscribe Epyc 9334 Subscribe Epyc 9334 Firmware Subscribe Epyc 9354 Subscribe Epyc 9354 Firmware Subscribe Epyc 9354p Subscribe Epyc 9354p Firmware Subscribe Epyc 9374f Subscribe Epyc 9374f Firmware Subscribe Epyc 9384x Subscribe Epyc 9384x Firmware Subscribe Epyc 9454 Subscribe Epyc 9454 Firmware Subscribe Epyc 9454p Subscribe Epyc 9454p Firmware Subscribe Epyc 9474f Subscribe Epyc 9474f Firmware Subscribe Epyc 9534 Subscribe Epyc 9534 Firmware Subscribe Epyc 9554 Subscribe Epyc 9554 Firmware Subscribe Epyc 9554p Subscribe Epyc 9554p Firmware Subscribe Epyc 9634 Subscribe Epyc 9634 Firmware Subscribe Epyc 9654 Subscribe Epyc 9654 Firmware Subscribe Epyc 9654p Subscribe Epyc 9654p Firmware Subscribe Epyc 9684x Subscribe Epyc 9684x Firmware Subscribe Epyc 9734 Subscribe Epyc 9734 Firmware Subscribe Epyc 9754 Subscribe Epyc 9754 Firmware Subscribe Epyc 9754s Subscribe Epyc 9754s Firmware Subscribe Ryzen Threadripper Pro 3945wx Subscribe Ryzen Threadripper Pro 3945wx Firmware Subscribe Ryzen Threadripper Pro 3955wx Subscribe Ryzen Threadripper Pro 3955wx Firmware Subscribe Ryzen Threadripper Pro 3975wx Subscribe Ryzen Threadripper Pro 3975wx Firmware Subscribe Ryzen Threadripper Pro 3995wx Subscribe Ryzen Threadripper Pro 3995wx Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:amd:epyc_9654p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9654p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:epyc_9654_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9654:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:epyc_9634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9634:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:epyc_9554p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9554p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:epyc_9554_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9554:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:epyc_9534_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9534:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:epyc_9474f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9474f:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:epyc_9454p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9454p:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:epyc_9454_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9454:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:epyc_9374f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9374f:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:epyc_9354p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9354p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:epyc_9354_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9354:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:epyc_9334_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9334:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:epyc_9274f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9274f:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:epyc_9254_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9254:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:epyc_9224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9224:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:epyc_9174f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9174f:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:epyc_9124_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9124:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:epyc_9684x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9684x:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:epyc_9384x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9384x:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:epyc_9184x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9184x:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:epyc_9754_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9754:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:epyc_9754s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9754s:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:epyc_9734_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9734:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3995wx:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3975wx:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3955wx:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3945wx:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-33422	Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-11-14T18:51:58.036Z

Updated: 2024-08-04T05:17:42.287Z

Reserved: 2022-03-31T16:50:27.871Z

Link: CVE-2021-46766

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-14T19:15:10.360

Modified: 2024-11-21T06:34:40.617

Link: CVE-2021-46766

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-459

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object