CVE-2021-46766

Description

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Affected products

AMD / 4th Gen AMD EPYC™ Processorsvarious – various
AMD / AMD EPYC™ Embedded 9003various – various
AMD / Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSvarious – various

References

MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001