MEDIUM · 6.7

CVE-2021-46774

Vulnerability Description

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality: LOW
Integrity: HIGH
Availability: LOW

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Amd | Epyc 7001 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7001 | - |
| Amd | Epyc 7251 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7251 | - |
| Amd | Epyc 7261 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7261 | - |
| Amd | Epyc 7281 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7281 | - |
| Amd | Epyc 7301 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7301 | - |
| Amd | Epyc 7351 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7351 | - |
| Amd | Epyc 7351P Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7351P | - |
| Amd | Epyc 7371 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7371 | - |
| Amd | Epyc 7401 Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7401 | - |
| Amd | Epyc 7401P Firmware | < naplespi_1.0.0.k |
| Amd | Epyc 7401P | - |

References

FAQ

What is CVE-2021-46774?

CVE-2021-46774 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

How severe is CVE-2021-46774?

CVE-2021-46774 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2021-46774?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7001 Firmware, Amd Epyc 7001, Amd Epyc 7251 Firmware, Amd Epyc 7251, Amd Epyc 7261 Firmware.