CVE-2021-46747
7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | PicassoPI-FP5 1.0.0.E | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors | CastlePeakWSPI-sWRX8 1.0.0.9 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors | ChagallWSPI-sWRX8 1.0.0.2 | unaffected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics | ComboAM4v2 PI 1.2.0.6 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors | ChagallWSPI-sWRX8 1.0.0.1 | unaffected |
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | RenoirPI-FP6 1.0.0.8 | unaffected |
| AMD | AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics | PicassoPI-FP5 1.0.0.E | unaffected |
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | CezannePI-FP6 1.0.0.9 | unaffected |
| AMD | AMD Ryzen™ 3000 Series Desktop Processors | ComboAM4PI 1.0.0.9/ComboAM4 V2 PI 1.2.0.8 | unaffected |
| AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics | ComboAM4v2 PI 1.2.0.8 | unaffected |
| AMD | AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics | CezannePI-FP6 1.0.0.9 | unaffected |
| AMD | AMD Ryzen™ 4000 Series Desktop Processors | ComboAM4v2 PI 1.2.0.6 | unaffected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors | ComboAM4 V2 PI 1.2.0.8 | unaffected |
| AMD | AMD Ryzen™ Embedded R1000 Series Processors | EmbeddedPI-FP5_1.2.0.A | unaffected |
| AMD | AMD Ryzen™ Embedded R2000 Series Processors | EmbeddedPI-FP5_1002 | unaffected |
| AMD | AMD Ryzen™ Embedded 5000 Series Processors | EmbAM4PI 1.0.0.2 | unaffected |
| AMD | AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Raven Ridge”) | EmbeddedPI-FP5_1.2.0.A | unaffected |
| AMD | AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Picasso”) | EmbeddedPI-FP5_1.2.0.A | unaffected |
| AMD | AMD Ryzen™ Embedded V2000 Series Processors | EmbeddedPI-FP6_1.0.0.6 | unaffected |
| AMD | AMD Ryzen™ Embedded V3000 Series Processors | EmbeddedPI-FP7r2_0080 | unaffected |
| AMD | AMD Radeon™ RX 5000 Series Graphics Products | AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03) | unaffected |
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | unaffected |
| AMD | AMD Radeon™ RX 6000 Series Graphics Products | AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03) | unaffected |
| AMD | AMD Radeon™ RX 7000 Series Graphics Products | AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03) | unaffected |
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | unaffected |
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | unaffected |
| AMD | AMD Radeon™ PRO V520 | Contact your AMD Customer Engineering representative | unaffected |
| AMD | AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative | unaffected |
Weaknesses
- CWE-1220: CWE-1220 Insufficient Granularity of Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.