CVE-2021-46760

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:ryzen_3945wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:ryzen_3955wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:ryzen_3960x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:ryzen_3970x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:ryzen_3975wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:ryzen_3990x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:ryzen_3995wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*

History

27 Jan 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-770

21 Nov 2024, 06:34

Type	Values Removed	Values Added
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 - Vendor Advisory

22 May 2023, 15:40

Type	Values Removed	Values Added
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 - Vendor Advisory
CPE		cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakpi-sp3r3_1.0.0.7:::::::* cpe:2.3:o:amd:ryzen_3955wx_firmware:chagallwspi-swrx8_1.0.0.2:::::::* cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakwspi-swrx8_1.0.0.9:::::::* cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakwspi-swrx8_1.0.0.9:::::::* cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakwspi-swrx8_1.0.0.9:::::::* cpe:2.3:h:amd:ryzen_3975wx:-:::::::* cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakwspi-swrx8_1.0.0.9:::::::* cpe:2.3:o:amd:ryzen_3995wx_firmware:chagallwspi-swrx8_1.0.0.2:::::::* cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakpi-sp3r3_1.0.0.7:::::::* cpe:2.3:h:amd:ryzen_3945wx:-:::::::* cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakpi-sp3r3_1.0.0.7:::::::* cpe:2.3:o:amd:ryzen_3990x_firmware:chagallwspi-swrx8_1.0.0.2:::::::* cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakpi-sp3r3_1.0.0.7:::::::* cpe:2.3:h:amd:ryzen_3995wx:-:::::::* cpe:2.3:o:amd:ryzen_3975wx_firmware:chagallwspi-swrx8_1.0.0.2:::::::* cpe:2.3:h:amd:ryzen_3990x:-:::::::* cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakpi-sp3r3_1.0.0.7:::::::* cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakwspi-swrx8_1.0.0.9:::::::* cpe:2.3:h:amd:ryzen_3955wx:-:::::::* cpe:2.3:o:amd:ryzen_3970x_firmware:chagallwspi-swrx8_1.0.0.2:::::::* cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakpi-sp3r3_1.0.0.7:::::::* cpe:2.3:h:amd:ryzen_3970x:-:::::::* cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakwspi-swrx8_1.0.0.9:::::::* cpe:2.3:o:amd:ryzen_3945wx_firmware:chagallwspi-swrx8_1.0.0.2:::::::* cpe:2.3:o:amd:ryzen_3960x_firmware:chagallwspi-swrx8_1.0.0.2:::::::* cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakwspi-swrx8_1.0.0.9:::::::* cpe:2.3:h:amd:ryzen_3960x:-:::::::* cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakpi-sp3r3_1.0.0.7:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Amd ryzen 3975wx Firmware Amd ryzen 3990x Firmware Amd ryzen 3945wx Amd ryzen 3990x Amd Amd ryzen 3975wx Amd ryzen 3955wx Firmware Amd ryzen 3955wx Amd ryzen 3970x Firmware Amd ryzen 3995wx Amd ryzen 3960x Amd ryzen 3995wx Firmware Amd ryzen 3945wx Firmware Amd ryzen 3970x Amd ryzen 3960x Firmware
CWE		CWE-119

09 May 2023, 20:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-09 20:15

Updated : 2025-01-27 18:15

NVD link : CVE-2021-46760

Mitre link : CVE-2021-46760

CVE.ORG link : CVE-2021-46760

JSON object : View

Products Affected

amd

ryzen_3970x
ryzen_3945wx_firmware
ryzen_3960x
ryzen_3990x_firmware
ryzen_3990x
ryzen_3975wx
ryzen_3955wx
ryzen_3995wx
ryzen_3960x_firmware
ryzen_3995wx_firmware
ryzen_3955wx_firmware
ryzen_3975wx_firmware
ryzen_3945wx
ryzen_3970x_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-770

Allocation of Resources Without Limits or Throttling

9.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2021-46760

9.8^/10

Attach tags to `CVE-2021-46760`