CVE-2021-46758 — MEDIUM (6.1)

Q: How severe is CVE-2021-46758?

CVE-2021-46758 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-46758?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 7 5700G Firmware, Amd Ryzen 7 5700G, Amd Ryzen 7 5700Ge Firmware, Amd Ryzen 7 5700Ge, Amd Ryzen 5 5600G Firmware.

Vulnerability Description

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Amd	Ryzen 7 5700G Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 7 5700G	-
Amd	Ryzen 7 5700Ge Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 7 5700Ge	-
Amd	Ryzen 5 5600G Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 5 5600G	-
Amd	Ryzen 5 5600Ge Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 5 5600Ge	-
Amd	Ryzen 3 5300G Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 3 5300G	-
Amd	Ryzen 3 5300Ge Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 3 5300Ge	-
Amd	Ryzen 9 7950X3D Firmware	< comboam5_1.0.0.1
Amd	Ryzen 9 7950X3D	-
Amd	Ryzen 9 7900X3D Firmware	< comboam5_1.0.0.1
Amd	Ryzen 9 7900X3D	-
Amd	Ryzen 7 7800X3D Firmware	< comboam5_1.0.0.1
Amd	Ryzen 7 7800X3D	-
Amd	Ryzen 9 4900H Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 9 4900H	-

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory

FAQ

What is CVE-2021-46758?

CVE-2021-46758 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availa...

How severe is CVE-2021-46758?

CVE-2021-46758 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-46758?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 7 5700G Firmware, Amd Ryzen 7 5700G, Amd Ryzen 7 5700Ge Firmware, Amd Ryzen 7 5700Ge, Amd Ryzen 5 5600G Firmware.