CVE-2021-46758
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/11/2023
Last modified:
28/12/2023
Description
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:amd:ryzen_7_5700g_firmware:*:*:*:*:*:*:*:* | comboam4v2_pi_1.2.0.8 (excluding) | |
cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:amd:ryzen_7_5700ge_firmware:*:*:*:*:*:*:*:* | comboam4v2_pi_1.2.0.8 (excluding) | |
cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:amd:ryzen_5_5600g_firmware:*:*:*:*:*:*:*:* | comboam4v2_pi_1.2.0.8 (excluding) | |
cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:amd:ryzen_5_5600ge_firmware:*:*:*:*:*:*:*:* | comboam4v2_pi_1.2.0.8 (excluding) | |
cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:amd:ryzen_3_5300g_firmware:*:*:*:*:*:*:*:* | comboam4v2_pi_1.2.0.8 (excluding) | |
cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:amd:ryzen_3_5300ge_firmware:*:*:*:*:*:*:*:* | comboam4v2_pi_1.2.0.8 (excluding) | |
cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:amd:ryzen_9_7950x3d_firmware:*:*:*:*:*:*:*:* | comboam5_1.0.0.1 (excluding) | |
cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:amd:ryzen_9_7900x3d_firmware:*:*:*:*:*:*:*:* | comboam5_1.0.0.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page