CVE-2021-46766 — LOW (2.5) — White Hats Nepal

Q: What is CVE-2021-46766?

CVE-2021-46766 is a vulnerability with a CVSS score of 2.5 (LOW). Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Q: How severe is CVE-2021-46766?

CVE-2021-46766 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-46766?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 9654P Firmware, Amd Epyc 9654P, Amd Epyc 9654 Firmware, Amd Epyc 9654, Amd Epyc 9634 Firmware.

Vulnerability Description

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

CVSS Score

2.5

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Amd	Epyc 9654P Firmware	< genoapi_1.0.0.4
Amd	Epyc 9654P	-
Amd	Epyc 9654 Firmware	< genoapi_1.0.0.4
Amd	Epyc 9654	-
Amd	Epyc 9634 Firmware	< genoapi_1.0.0.4
Amd	Epyc 9634	-
Amd	Epyc 9554P Firmware	< genoapi_1.0.0.4
Amd	Epyc 9554P	-
Amd	Epyc 9554 Firmware	< genoapi_1.0.0.4
Amd	Epyc 9554	-
Amd	Epyc 9534 Firmware	< genoapi_1.0.0.4
Amd	Epyc 9534	-
Amd	Epyc 9474F Firmware	< genoapi_1.0.0.4
Amd	Epyc 9474F	-
Amd	Epyc 9454P Firmware	< genoapi_1.0.0.4
Amd	Epyc 9454P	-
Amd	Epyc 9454 Firmware	< genoapi_1.0.0.4
Amd	Epyc 9454	-
Amd	Epyc 9374F Firmware	< genoapi_1.0.0.4
Amd	Epyc 9374F	-

Related Weaknesses (CWE)

CWE-459

References

FAQ

What is CVE-2021-46766?

CVE-2021-46766 is a vulnerability with a CVSS score of 2.5 (LOW). Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

How severe is CVE-2021-46766?

CVE-2021-46766 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-46766?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 9654P Firmware, Amd Epyc 9654P, Amd Epyc 9654 Firmware, Amd Epyc 9654, Amd Epyc 9634 Firmware.