CVE-2021-46779 - OpenCVE

Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd	Milanpi Milanpi Firmware Naplespi Naplespi Firmware Romepi Romepi Firmware

Configuration 1 [-]

AND

cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:naplespi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-01-10T20:56:52.789Z

Updated: 2024-08-04T05:17:42.420Z

Reserved: 2022-03-31T16:50:27.875Z

Link: CVE-2021-46779

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-11T08:15:13.213

Modified: 2023-11-07T03:40:03.753

Link: CVE-2021-46779

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46779", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-03-31T16:50:27.875Z", "datePublished": "2023-01-10T20:56:52.789Z", "dateUpdated": "2024-08-04T05:17:42.420Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "1st Gen EPYC", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "2nd Gen EPYC", "vendor": " AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "3rd Gen EPYC", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}], "datePublic": "2023-01-10T17:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.<br>"}], "value": "Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-01-11T07:01:59.843980Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}], "source": {"advisory": "AMD-SB-1032", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.420Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56013C45-044C-40B0-9503-7E3928602803", "versionEndExcluding": "1.0.0.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*", "matchCriteriaId": "B936879F-731E-4991-ACBB-16643F629B41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B11959F6-2A87-48A4-AD17-16A6B00C6BFA", "versionEndExcluding": "1.0.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:naplespi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB1EE9F8-6AA6-48E1-A5C3-79A1FC70C821", "versionEndExcluding": "1.0.0.g", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C479ABD-FE0C-4C08-B849-7BD516F03733", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.\n"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada insuficiente en la llamada al sistema SVC_ECC_PRIMITIVE en una aplicaci\u00f3n de usuario comprometida o ABL puede permitir que un atacante corrompa la memoria del sistema operativo ASP (AMD Secure Processor), lo que puede provocar una posible p\u00e9rdida de integridad y disponibilidad."}], "id": "CVE-2021-46779", "lastModified": "2023-11-07T03:40:03.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-11T08:15:13.213", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}