CVE-2021-46772 Vulnerability Details

  /     /     /  

CVE-2021-46772 Metadata Quick Info

CVE Published: 13/08/2024 | CVE Updated: 05/11/2024 | CVE Year: 2021
Source: AMD | Vendor: AMD | Product: AMD EPYC™ 7002 Series Processors
Status : PUBLISHED

---

CVE-2021-46772 Description

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

Metrics

CVSS Version: 3.1 | Base Score: 3.9 LOW
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: AMD

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).