CVE-2021-46766

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Published: Nov 14, 2023
Updated: Jun 19, 2024
CVE: CVE-2021-46766
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-459

Affected Software
References

Software	From	Fixed in
amd / epyc_9654p_firmware	-	genoapi_1.0.0.4
amd / epyc_9654_firmware	-	genoapi_1.0.0.4
amd / epyc_9634_firmware	-	genoapi_1.0.0.4
amd / epyc_9554p_firmware	-	genoapi_1.0.0.4
amd / epyc_9554_firmware	-	genoapi_1.0.0.4
amd / epyc_9534_firmware	-	genoapi_1.0.0.4
amd / epyc_9474f_firmware	-	genoapi_1.0.0.4
amd / epyc_9454p_firmware	-	genoapi_1.0.0.4
amd / epyc_9454_firmware	-	genoapi_1.0.0.4
amd / epyc_9374f_firmware	-	genoapi_1.0.0.4
amd / epyc_9354p_firmware	-	genoapi_1.0.0.4
amd / epyc_9354_firmware	-	genoapi_1.0.0.4
amd / epyc_9334_firmware	-	genoapi_1.0.0.4
amd / epyc_9274f_firmware	-	genoapi_1.0.0.4
amd / epyc_9254_firmware	-	genoapi_1.0.0.4
amd / epyc_9224_firmware	-	genoapi_1.0.0.4
amd / epyc_9174f_firmware	-	genoapi_1.0.0.4
amd / epyc_9124_firmware	-	genoapi_1.0.0.4
amd / epyc_9684x_firmware	-	genoapi_1.0.0.4
amd / epyc_9384x_firmware	-	genoapi_1.0.0.4
amd / epyc_9184x_firmware	-	genoapi_1.0.0.4
amd / epyc_9754_firmware	-	genoapi_1.0.0.4
amd / epyc_9754s_firmware	-	genoapi_1.0.0.4
amd / epyc_9734_firmware	-	genoapi_1.0.0.4
amd / ryzen_threadripper_pro_3995wx_firmware	-	chagallwspi-swrx8_1.0.0.5
amd / ryzen_threadripper_pro_3975wx_firmware	-	chagallwspi-swrx8_1.0.0.5
amd / ryzen_threadripper_pro_3955wx_firmware	-	chagallwspi-swrx8_1.0.0.5
amd / ryzen_threadripper_pro_3945wx_firmware	-	chagallwspi-swrx8_1.0.0.5

Vulnerability Database

289,599

CVE-2021-46766