CVE-2021-46766 - Vulnerability Details

Description

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Published: 2023-11-14

Score: 2.5 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS

unaffected

Version	Status	Constraints
`various`	affected	—

AMD

4th Gen AMD EPYC™ Processors

unaffected

Version	Status	Constraints
`various`	affected	—

AMD

AMD EPYC™ Embedded 9003

unaffected

Version	Status	Constraints
`various`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:amd:epyc_9654p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9654p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:epyc_9654_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9654:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:epyc_9634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9634:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:epyc_9554p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9554p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:epyc_9554_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9554:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:epyc_9534_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9534:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:epyc_9474f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9474f:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:epyc_9454p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9454p:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:epyc_9454_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9454:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:epyc_9374f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9374f:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:epyc_9354p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9354p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:epyc_9354_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9354:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:epyc_9334_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9334:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:epyc_9274f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9274f:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:epyc_9254_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9254:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:epyc_9224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9224:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:epyc_9174f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9174f:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:epyc_9124_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9124:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:epyc_9684x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9684x:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:epyc_9384x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9384x:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:epyc_9184x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9184x:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:epyc_9754_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9754:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:epyc_9754s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9754s:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:epyc_9734_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_9734:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3995wx:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3975wx:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3955wx:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_threadripper_pro_3945wx:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-33422	Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

History

No history.

Subscriptions

Amd Epyc 9124 Epyc 9124 Firmware Epyc 9174f Epyc 9174f Firmware Epyc 9184x Epyc 9184x Firmware Epyc 9224 Epyc 9224 Firmware Epyc 9254 Epyc 9254 Firmware Epyc 9274f Epyc 9274f Firmware Epyc 9334 Epyc 9334 Firmware Epyc 9354 Epyc 9354 Firmware Epyc 9354p Epyc 9354p Firmware Epyc 9374f Epyc 9374f Firmware Epyc 9384x Epyc 9384x Firmware Epyc 9454 Epyc 9454 Firmware Epyc 9454p Epyc 9454p Firmware Epyc 9474f Epyc 9474f Firmware Epyc 9534 Epyc 9534 Firmware Epyc 9554 Epyc 9554 Firmware Epyc 9554p Epyc 9554p Firmware Epyc 9634 Epyc 9634 Firmware Epyc 9654 Epyc 9654 Firmware Epyc 9654p Epyc 9654p Firmware Epyc 9684x Epyc 9684x Firmware Epyc 9734 Epyc 9734 Firmware Epyc 9754 Epyc 9754 Firmware Epyc 9754s Epyc 9754s Firmware Ryzen Threadripper Pro 3945wx Ryzen Threadripper Pro 3945wx Firmware Ryzen Threadripper Pro 3955wx Ryzen Threadripper Pro 3955wx Firmware Ryzen Threadripper Pro 3975wx Ryzen Threadripper Pro 3975wx Firmware Ryzen Threadripper Pro 3995wx Ryzen Threadripper Pro 3995wx Firmware

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-11-14T18:51:58.036Z

Updated: 2024-08-04T05:17:42.287Z

Reserved: 2022-03-31T16:50:27.871Z

Link: CVE-2021-46766

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-14T19:15:10.360

Modified: 2024-11-21T06:34:40.617

Link: CVE-2021-46766

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-459

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object