CVE-2021-46756 : Insufficient validation of inputs in SVC_MAP_USER

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.

Published 2023-05-09 20:15:12

Updated 2025-01-28 16:15:32

Source Advanced Micro Devices Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-46756

AMD » Epyc 7601 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7601_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7601 » Version: N/A
AMD » Epyc 7551p Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7551p_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7551p » Version: N/A
AMD » Epyc 7551 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7551_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7551 » Version: N/A
AMD » Epyc 7501 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7501_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7501 » Version: N/A
AMD » Epyc 7451 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7451_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7451 » Version: N/A
AMD » Epyc 7401 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7401_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7401 » Version: N/A
AMD » Epyc 7371 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7371_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7371 » Version: N/A
AMD » Epyc 7351p Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7351p_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7351p » Version: N/A
AMD » Epyc 7351 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7351_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7351 » Version: N/A
AMD » Epyc 7301 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7301_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7301 » Version: N/A
AMD » Epyc 7281 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7281_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7281 » Version: N/A
AMD » Epyc 7261 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7261_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7261 » Version: N/A
AMD » Epyc 7251 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7251_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7251 » Version: N/A
AMD » Epyc 7f72 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7f72_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7f72 » Version: N/A
AMD » Epyc 7f52 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7f52_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7f52 » Version: N/A
AMD » Epyc 7f32 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7f32_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7f32 » Version: N/A
AMD » Epyc 7h12 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7h12_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7h12 » Version: N/A
AMD » Epyc 7742 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7742_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7742 » Version: N/A
AMD » Epyc 7702 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7702_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7702 » Version: N/A
AMD » Epyc 7702p Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7702p_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7702p » Version: N/A
AMD » Epyc 7662 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7662_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7662 » Version: N/A
AMD » Epyc 7642 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7642_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7642 » Version: N/A
AMD » Epyc 7552 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7552_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7552 » Version: N/A
AMD » Epyc 7542 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7542_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7542 » Version: N/A
AMD » Epyc 7532 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7532_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7532 » Version: N/A
AMD » Epyc 7502 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7502_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7502 » Version: N/A
AMD » Epyc 7502p Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7502p_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7502p » Version: N/A
AMD » Epyc 7452 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7452_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7452 » Version: N/A
AMD » Epyc 7402 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7402_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7402 » Version: N/A
AMD » Epyc 7402p Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7402p_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7402p » Version: N/A
AMD » Epyc 7352 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7352_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7352 » Version: N/A
AMD » Epyc 7302 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7302_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7302 » Version: N/A
AMD » Epyc 7302p Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7302p_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7302p » Version: N/A
AMD » Epyc 7282 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7282_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7282 » Version: N/A
AMD » Epyc 7272 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7272_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7272 » Version: N/A
AMD » Epyc 7262 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7262_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7262 » Version: N/A
AMD » Epyc 7252 Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7252_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7252 » Version: N/A
AMD » Epyc 7232p Firmware » Version: Romepi 1.0.0.e
cpe:2.3:o:amd:epyc_7232p_firmware:romepi_1.0.0.e:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7232p » Version: N/A
AMD » Epyc 7763 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7763_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7763 » Version: N/A
AMD » Epyc 7713p Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7713p_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7713p » Version: N/A
AMD » Epyc 7713 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7713_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7713 » Version: N/A
AMD » Epyc 7663 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7663_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7663 » Version: N/A
AMD » Epyc 7643 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7643_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7643 » Version: N/A
AMD » Epyc 75f3 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_75f3_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 75f3 » Version: N/A
AMD » Epyc 7543p Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7543p_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7543p » Version: N/A
AMD » Epyc 7543 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7543_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7543 » Version: N/A
AMD » Epyc 7513 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7513_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7513 » Version: N/A
AMD » Epyc 7453 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7453_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7453 » Version: N/A
AMD » Epyc 74f3 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_74f3_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 74f3 » Version: N/A
AMD » Epyc 7443p Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7443p_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7443p » Version: N/A
AMD » Epyc 7443 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7443_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7443 » Version: N/A
AMD » Epyc 7413 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7413_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7413 » Version: N/A
AMD » Epyc 73f3 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_73f3_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 73f3 » Version: N/A
AMD » Epyc 7343 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7343_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7343 » Version: N/A
AMD » Epyc 7313p Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7313p_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7313p » Version: N/A
AMD » Epyc 7313 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7313_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7313 » Version: N/A
AMD » Epyc 72f3 Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_72f3_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 72f3 » Version: N/A
AMD » Epyc 7401p Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7401p_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7401p » Version: N/A
AMD » Epyc 7773x Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7773x_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7773x » Version: N/A
AMD » Epyc 7473x Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7473x_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7473x » Version: N/A
AMD » Epyc 7573x Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7573x_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7573x » Version: N/A
AMD » Epyc 7373x Firmware » Version: Milanpi 1.0.0.9
cpe:2.3:o:amd:epyc_7373x_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7373x » Version: N/A
AMD » Epyc 7571 Firmware » Version: Naplespi 1.0.0.j
cpe:2.3:o:amd:epyc_7571_firmware:naplespi_1.0.0.j:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7571 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-46756

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-46756

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	3.9	5.2	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-01-28
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2021-46756

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-46756

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

Access Denied
Vendor Advisory

CVEs referencing this url
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

Access Denied
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-46756

Products affected by CVE-2021-46756

Exploit prediction scoring system (EPSS) score for CVE-2021-46756

CVSS scores for CVE-2021-46756

CWE ids for CVE-2021-46756

References for CVE-2021-46756