CVE-2021-46756
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
09/05/2023
Last modified:
28/01/2025
Description
Insufficient validation of inputs in<br />
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an<br />
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to<br />
the bootloader resulting in a potential denial of service and loss of<br />
integrity.<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:amd:epyc_72f3_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7313_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7313p_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7343_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7373x_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_73f3_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7413_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7443_firmware:milanpi_1.0.0.9:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page