MEDIUM · 6.1

CVE-2021-46759

Vulnerability Description

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.

CVSS Score

6.1

MEDIUM

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

Vendor | Product | Versions
Amd | Ryzen 5300G Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5300G | -
Amd | Ryzen 5300Ge Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5300Ge | -
Amd | Ryzen 5500 Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5500 | -
Amd | Ryzen 5600 Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5600 | -
Amd | Ryzen 5600G Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5600G | -
Amd | Ryzen 5600Ge Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5600Ge | -
Amd | Ryzen 5600X Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5600X | -
Amd | Ryzen 5700G Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5700G | -
Amd | Ryzen 5700Ge Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5700Ge | -
Amd | Ryzen 5700X Firmware | cezannepi-fp6_1.0.0.8
Amd | Ryzen 5700X | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-46759?

CVE-2021-46759 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of t...

How severe is CVE-2021-46759?

CVE-2021-46759 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-46759?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 5300G Firmware, Amd Ryzen 5300G, Amd Ryzen 5300Ge Firmware, Amd Ryzen 5300Ge, Amd Ryzen 5500 Firmware.