CVE-2021-46747

Summary

Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5 1.0.0.Eunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.9unaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.2unaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 PI 1.2.0.6unaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.1unaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.8unaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5 1.0.0.Eunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.9unaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4PI 1.0.0.9/ComboAM4 V2 PI 1.2.0.8unaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.9unaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 PI 1.2.0.6unaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4 V2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ Embedded R1000 Series ProcessorsEmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded R2000 Series ProcessorsEmbeddedPI-FP5_1002unaffected
AMDAMD Ryzen™ Embedded 5000 Series ProcessorsEmbAM4PI 1.0.0.2unaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Raven Ridge”)EmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Picasso”)EmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.6unaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbeddedPI-FP7r2_0080unaffected
AMDAMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)unaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32)unaffected
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)unaffected
AMDAMD Radeon™ RX 7000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32)unaffected
AMDAMD Radeon™ PRO W7000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32)unaffected
AMDAMD Radeon™ PRO V520Contact your AMD Customer Engineering representativeunaffected
AMDAMD Radeon™ PRO V620Contact your AMD Customer Engineering representativeunaffected

Weaknesses

  • CWE-1220: CWE-1220 Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References