CVE-2021-46759

Summary

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 2000 series Desktop Processors “Raven Ridge” AM4variousaffected
AMDRyzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4variousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULPvariousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”variousaffected
AMDRyzen™ 2000 Series Mobile Processors “Raven Ridge” FP5variousaffected
AMDRyzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”variousaffected
AMDRyzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”variousaffected
AMDRyzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”variousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References