Lucene search
HistoryJan 11, 2023 - 8:15 a.m.
CVE-2021-46795
toctou
bios
tee os
denial of service
CVSS3
4.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
4.7
Confidence
High
EPSS
0
Percentile
12.7%
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
Affected configurations
Node
amdcomboam4v2_pi_firmwareRange<1.2.0.5
amdcomboam4v2_piMatch-
Node
amdrenoirpi-fp6_firmwareRange<1.0.0.7
amdcomboam4v2_piMatch-
Node
amdcezannepi-fp6_firmwareRange<1.0.0.6
amdcezannepi-fp6Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amd | comboam4v2_pi_firmware | * | cpe:2.3:o:amd:comboam4v2_pi_firmware:*:*:*:*:*:*:*:* |
| amd | comboam4v2_pi | - | cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:* |
| amd | renoirpi-fp6_firmware | * | cpe:2.3:o:amd:renoirpi-fp6_firmware:*:*:*:*:*:*:*:* |
| amd | cezannepi-fp6_firmware | * | cpe:2.3:o:amd:cezannepi-fp6_firmware:*:*:*:*:*:*:*:* |
| amd | cezannepi-fp6 | - | cpe:2.3:h:amd:cezannepi-fp6:-:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2021-46795
2023-01-11 08:15:13
prion
prion
Out-of-bounds
2023-01-11 08:15:00
redhatcve
redhatcve
CVE-2021-46795
2023-01-25 13:05:39
cvelist
cvelist
CVE-2021-46795
2023-01-10 20:53:25
hp
hp
AMD Client UEFI Firmware January 2023 Security Updates
2023-01-10 00:00:00
amd
amd
AMD Client Vulnerabilities – January 2023
2023-01-10 00:00:00
CVSS3
4.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
4.7
Confidence
High
EPSS
0
Percentile
12.7%
Related for NVD:CVE-2021-46795