CRITICAL · 9.1

CVE-2021-46754

Vulnerability Description

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

Vendor  Product                 Versions
Amd     Ryzen 5300G Firmware    cezannepi-fp6_1.0.0.6
Amd     Ryzen 5300G             -
Amd     Ryzen 5300Ge Firmware   cezannepi-fp6_1.0.0.6
Amd     Ryzen 5300Ge            -
Amd     Ryzen 5500 Firmware     cezannepi-fp6_1.0.0.6
Amd     Ryzen 5500              -
Amd     Ryzen 5600 Firmware     cezannepi-fp6_1.0.0.6
Amd     Ryzen 5600              -
Amd     Ryzen 5600G Firmware    cezannepi-fp6_1.0.0.6
Amd     Ryzen 5600G             -
Amd     Ryzen 5600Ge Firmware   cezannepi-fp6_1.0.0.6
Amd     Ryzen 5600Ge            -
Amd     Ryzen 5600X Firmware    cezannepi-fp6_1.0.0.6
Amd     Ryzen 5600X             -
Amd     Ryzen 5700G Firmware    cezannepi-fp6_1.0.0.6
Amd     Ryzen 5700G             -
Amd     Ryzen 5700Ge Firmware   cezannepi-fp6_1.0.0.6
Amd     Ryzen 5700Ge            -
Amd     Ryzen 5700X Firmware    cezannepi-fp6_1.0.0.6
Amd     Ryzen 5700X             -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-46754?

CVE-2021-46754 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU ...

How severe is CVE-2021-46754?

CVE-2021-46754 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-46754?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 5300G Firmware, Amd Ryzen 5300G, Amd Ryzen 5300Ge Firmware, Amd Ryzen 5300Ge, Amd Ryzen 5500 Firmware.