CVE-2021-46794

HIGH | CVSS 7.5/10 | EPSS 0.62%

CVE-2021-46794 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. EPSS estimates a 0.62% chance of exploitation in the next 30 days.

Description

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.62%

44.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Amd | Ryzen 5300g Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5300ge Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5500 Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5600 Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5600g Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5600ge Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5600x Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5700g Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5700ge Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5700x Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5800 Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5800x3d Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5800x Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5900 Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5900x Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5945wx Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5950x Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5955wx Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5965wx Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5975wx Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 5995wx Firmware | cezannepi-fp6_1.0.0.6 |
| Amd | Ryzen 3100 Firmware | comboam4pi_1.0.0.9 |
| Amd | Ryzen 3100 Firmware | comboam4v2_pi_1.2.0.5 |
| Amd | Ryzen 3100 Firmware | comboam4v2_pi_1.2.0.8 |
| Amd | Ryzen 3100 Firmware | picassopi-fp5_1.0.0.e |
| Amd | Ryzen 3100 Firmware | renoirpi-fp6_1.0.0.7 |
| Amd | Ryzen 3300x Firmware | comboam4pi_1.0.0.9 |
| Amd | Ryzen 3300x Firmware | comboam4v2_pi_1.2.0.5 |
| Amd | Ryzen 3300x Firmware | comboam4v2_pi_1.2.0.8 |
| Amd | Ryzen 3300x Firmware | picassopi-fp5_1.0.0.e |
| Amd | Ryzen 3300x Firmware | renoirpi-fp6_1.0.0.7 |
| Amd | Ryzen 3500 Firmware | comboam4pi_1.0.0.9 |
| Amd | Ryzen 3500 Firmware | comboam4v2_pi_1.2.0.5 |
| Amd | Ryzen 3500 Firmware | comboam4v2_pi_1.2.0.8 |
| Amd | Ryzen 3500 Firmware | picassopi-fp5_1.0.0.e |
| Amd | Ryzen 3500 Firmware | renoirpi-fp6_1.0.0.7 |
| Amd | Ryzen 3500x Firmware | comboam4pi_1.0.0.9 |
| Amd | Ryzen 3500x Firmware | comboam4v2_pi_1.2.0.5 |
| Amd | Ryzen 3500x Firmware | comboam4v2_pi_1.2.0.8 |
| Amd | Ryzen 3500x Firmware | picassopi-fp5_1.0.0.e |
| Amd | Ryzen 3500x Firmware | renoirpi-fp6_1.0.0.7 |
| Amd | Ryzen 3600 Firmware | comboam4pi_1.0.0.9 |
| Amd | Ryzen 3600 Firmware | comboam4v2_pi_1.2.0.5 |
| Amd | Ryzen 3600 Firmware | comboam4v2_pi_1.2.0.8 |
| Amd | Ryzen 3600 Firmware | picassopi-fp5_1.0.0.e |
| Amd | Ryzen 3600 Firmware | renoirpi-fp6_1.0.0.7 |
| Amd | Ryzen 3600x Firmware | comboam4pi_1.0.0.9 |
| Amd | Ryzen 3600x Firmware | comboam4v2_pi_1.2.0.5 |
| Amd | Ryzen 3600x Firmware | comboam4v2_pi_1.2.0.8 |
| Amd | Ryzen 3600x Firmware | picassopi-fp5_1.0.0.e |

Showing 50 of 168 affected configurations. See NVD for the full list.

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2021-46794?
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
How severe is CVE-2021-46794?
CVE-2021-46794 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.62% probability of exploitation in the next 30 days.
How do I fix CVE-2021-46794?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST