Vulnerability Details : CVE-2021-46766
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
Products affected by CVE-2021-46766
- cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9124_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9174f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9184x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9224_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9254_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9274f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9334_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9354_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9354p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9374f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9384x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9454_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9454p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9474f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9534_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9554p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9554_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9634_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9654_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9654p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9684x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9734_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9754_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_9754s_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-46766
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-46766
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST | |
2.5
|
LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N |
0.8
|
1.4
|
Advanced Micro Devices Inc. | 2024-06-18 |
CWE ids for CVE-2021-46766
-
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-46766
-
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
AMD Server Vulnerabilities – Nov 2023Vendor Advisory
-
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
AMD Client Vulnerabilities – November 2023Vendor Advisory
-
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
AMD Embedded Processors Vulnerabilities – February 2024
Jump to