CVE-2021-46758

Name: CVE-2021-46758
Creator: NVD / NIST
Published: 2023-11-14T19:15:10.31+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 0.33%

Last modified Jun 17, 2026

CVE-2021-46758 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. . EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Probability

0.33%

24.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Amd	Ryzen 7 5700g Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 7 5700ge Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 5 5600g Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 5 5600ge Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 3 5300g Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 3 5300ge Firmware	< comboam4v2_pi_1.2.0.8
Amd	Ryzen 9 7950x3d Firmware	< comboam5_1.0.0.1
Amd	Ryzen 9 7900x3d Firmware	< comboam5_1.0.0.1
Amd	Ryzen 7 7800x3d Firmware	< comboam5_1.0.0.1
Amd	Ryzen 9 4900h Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 9 4900hs Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 7 4800h Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 7 4800hs Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 7 4980u Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 7 4800u Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 7 4700u Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 5 4600h Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 5 4600hs Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 5 4680u Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 5 4600u Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 5 4500u Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 3 4300u Firmware	< renoirpi-fp6_1.0.0.a
Amd	Ryzen 7 5700u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 5 5500u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 3 5300u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 9 5980hx Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 9 5980hs Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 9 5900hx Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 9 5900hs Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 7 5800h Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 7 5800hs Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 7 5825u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 7 5800u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 5 5600h Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 5 5600hs Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 5 5625u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 5 5600u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 5 5560u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 5 5500h Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 3 5425u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 3 5400u Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 3 5125c Firmware	< cezannepi-fp6_1.0.0.c
Amd	Ryzen 9 6980hx Firmware	< rembrandtpi-fp7_1.0.0.5
Amd	Ryzen 9 6980hs Firmware	< rembrandtpi-fp7_1.0.0.5
Amd	Ryzen 9 6900hx Firmware	< rembrandtpi-fp7_1.0.0.5
Amd	Ryzen 9 6900hs Firmware	< rembrandtpi-fp7_1.0.0.5
Amd	Ryzen 7 6800h Firmware	< rembrandtpi-fp7_1.0.0.5
Amd	Ryzen 7 6800hs Firmware	< rembrandtpi-fp7_1.0.0.5
Amd	Ryzen 7 6800u Firmware	< rembrandtpi-fp7_1.0.0.5
Amd	Ryzen 5 6600h Firmware	< rembrandtpi-fp7_1.0.0.5

Showing 50 of 61 affected configurations. See NVD for the full list.

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory

Timeline

Published: Nov 14, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-46758?

How severe is CVE-2021-46758?

CVE-2021-46758 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.

How do I fix CVE-2021-46758?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-46758?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST