CVE-2021-46792
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/05/2023
Last modified:
28/01/2025
Description
Time-of-check Time-of-use (TOCTOU) in the<br />
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race<br />
condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon<br />
an S3 resume event potentially leading to a denial of service.<br />
<br />
<br />
<br />
<br />
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:amd:ryzen_5300g_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:ryzen_5300g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:ryzen_5300ge_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:ryzen_5300ge:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:ryzen_5500_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:ryzen_5500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:ryzen_5600_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:ryzen_5600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:ryzen_5600g_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:ryzen_5600g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:ryzen_5600ge_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:ryzen_5600ge:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:ryzen_5600x_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:amd:ryzen_5600x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:ryzen_5700g_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page