CVE-2021-46772

Published: Aug 13, 2024Modified: Nov 5, 2024

3.9

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Exploitability: 0.8 / Impact: 2.7

Source: psirt@amd.com (Secondary)

Description

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Source: psirt@amd.com

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html

Source: psirt@amd.com

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

Source: psirt@amd.com

Timeline

No history available yet.