CVE-2021-46795

2023-01-1020:53:25

AMD

www.cve.org

toctou

tee os

denial of service

AI Score

Confidence

High

EPSS

Percentile

12.7%

JSON

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen 5000 Series",
    "vendor": " AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen 3000 Series ",
    "vendor": " AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031