A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Amd
  • Cezannepi-fp6
  • Cezannepi-fp6 Firmware
  • Comboam4v2 Pi
  • Comboam4v2 Pi Firmware
  • Renoirpi-fp6 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:amd:comboam4v2_pi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:amd:renoirpi-fp6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:amd:cezannepi-fp6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:cezannepi-fp6:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://nvd.nist.gov/vuln/detail/CVE-2021-46795 cve-icon
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 cve-icon cve-icon
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1031 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-46795 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-01-10T20:53:25.868Z

Updated: 2024-08-04T05:17:42.312Z

Reserved: 2022-05-04T18:14:06.438Z

Link: CVE-2021-46795

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-01-11T08:15:13.347

Modified: 2023-01-20T18:36:19.837

Link: CVE-2021-46795

cve-icon Redhat

Severity : Low

Publid Date: 2023-01-10T06:30:00Z

Links: CVE-2021-46795 - Bugzilla