CVE-2021-46758

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/11/2023
Last modified:
28/12/2023

Description

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:amd:ryzen_7_5700g_firmware:*:*:*:*:*:*:*:* comboam4v2_pi_1.2.0.8 (excluding)
cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_7_5700ge_firmware:*:*:*:*:*:*:*:* comboam4v2_pi_1.2.0.8 (excluding)
cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_5_5600g_firmware:*:*:*:*:*:*:*:* comboam4v2_pi_1.2.0.8 (excluding)
cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_5_5600ge_firmware:*:*:*:*:*:*:*:* comboam4v2_pi_1.2.0.8 (excluding)
cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3_5300g_firmware:*:*:*:*:*:*:*:* comboam4v2_pi_1.2.0.8 (excluding)
cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3_5300ge_firmware:*:*:*:*:*:*:*:* comboam4v2_pi_1.2.0.8 (excluding)
cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_9_7950x3d_firmware:*:*:*:*:*:*:*:* comboam5_1.0.0.1 (excluding)
cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_9_7900x3d_firmware:*:*:*:*:*:*:*:* comboam5_1.0.0.1 (excluding)