CVE-2021-46757 — HIGH (7.8)

Q: How severe is CVE-2021-46757?

CVE-2021-46757 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-46757?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen Embedded 5950E Firmware, Amd Ryzen Embedded 5950E, Amd Ryzen Embedded 5900E Firmware, Amd Ryzen Embedded 5900E, Amd Ryzen Embedded 5800E Firmware.

Vulnerability Description

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Amd	Ryzen Embedded 5950E Firmware	< embam4pi_1.0.0.0
Amd	Ryzen Embedded 5950E	-
Amd	Ryzen Embedded 5900E Firmware	< embam4pi_1.0.0.0
Amd	Ryzen Embedded 5900E	-
Amd	Ryzen Embedded 5800E Firmware	< embam4pi_1.0.0.0
Amd	Ryzen Embedded 5800E	-
Amd	Ryzen Embedded 5600E Firmware	< embam4pi_1.0.0.0
Amd	Ryzen Embedded 5600E	-
Amd	Ryzen Embedded V2516 Firmware	< embeddedpi-fp6_1.0.0.6
Amd	Ryzen Embedded V2516	-
Amd	Ryzen Embedded V2546 Firmware	< embeddedpi-fp6_1.0.0.6
Amd	Ryzen Embedded V2546	-
Amd	Ryzen Embedded V2718 Firmware	< embeddedpi-fp6_1.0.0.6
Amd	Ryzen Embedded V2718	-
Amd	Ryzen Embedded V2748 Firmware	< embeddedpi-fp6_1.0.0.6
Amd	Ryzen Embedded V2748	-
Amd	Ryzen Embedded R2312 Firmware	< embeddedpi-fp6_1.0.0.6
Amd	Ryzen Embedded R2312	-
Amd	Ryzen Embedded R2314 Firmware	< embeddedpi-fp6_1.0.0.6
Amd	Ryzen Embedded R2314	-

Related Weaknesses (CWE)

CWE-119

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001Vendor Advisory

FAQ

What is CVE-2021-46757?

CVE-2021-46757 is a vulnerability with a CVSS score of 7.8 (HIGH). Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escal...

How severe is CVE-2021-46757?

CVE-2021-46757 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-46757?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen Embedded 5950E Firmware, Amd Ryzen Embedded 5950E, Amd Ryzen Embedded 5900E Firmware, Amd Ryzen Embedded 5900E, Amd Ryzen Embedded 5800E Firmware.