CVE-2021-46772

Summary

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7002 Series ProcessorsRomePI 1.0.0.Eunaffected
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.9unaffected
AMDAMD Ryzen™ 3000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4V2 1.2.0.Aunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsComboAM4V2 1.2.0.Aaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series Processorsvariousaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsChagallWSPI-sWRX8 1.0.0.6unaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsChagallWSPI-sWRX8 1.0.0.6unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.Eunaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6 1.0.0.3unaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.7unaffected
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.7unaffected
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.Eunaffected
AMDAMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.Eunaffected
AMDAMD EPYC™ Embedded 7002 Series ProcessorsEmbRomePI-SP3 1.0.0.8unaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.5unaffected
AMDAMD Ryzen™ Embedded R1000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded R2000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded 5000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded V1000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded V2000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbeddedPI-FP7r2 1.0.0.4unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References