CVE-2021-46746 - Vulnerability Details

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

History

Thu, 31 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120

Wed, 14 Aug 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description		Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
References		https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Metrics		cvssV3_1 `{'score': 5.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2024-08-13T16:50:51.023Z

Updated: 2024-10-31T13:57:25.237Z

Reserved: 2022-03-31T16:50:27.864Z

Link: CVE-2021-46746

Vulnrichment

Updated: 2024-08-14T16:21:42.850Z

NVD

Status : Awaiting Analysis

Published: 2024-08-13T17:15:17.787

Modified: 2024-10-31T14:35:00.797

Link: CVE-2021-46746

Redhat

No data.

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46746", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-03-31T16:50:27.864Z", "datePublished": "2024-08-13T16:50:51.023Z", "dateUpdated": "2024-10-31T13:57:25.237Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "AMD EPYC\u2122 7001 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various", "versionType": "PI"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 7002 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4PI 1.0.0.9"}, {"status": "unaffected", "version": "ComboAM4 V2 PI 1.2.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4V2 PI 1.2.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "ComboAM5 1.0.8.0"}]}, {"defaultStatus": "unaffected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4PI 1.0.0.9"}, {"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CastlePeakPI-SP3r3  1.0.0.7"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2"}, {"status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.9"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5  1.0.0.E"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "affected", "version": "PollockPI-FT5  1.0.0.4"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RenoirPI-FP6 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.6"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "DragonRangeFL1PI 1.0.0.3b"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9003 Series Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5  1.2.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbAM4PI  1.0.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedAM5PI  1.0.0.0"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.6"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.2"}]}], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (<a target=\"_blank\" rel=\"nofollow\">TEE</a>) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, <a target=\"_blank\" rel=\"nofollow\">potentially</a>&nbsp;leading to a denial of service.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>"}], "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-08-13T16:50:51.023Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"}], "source": {"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T16:06:22.367564Z", "id": "CVE-2021-46746", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T13:57:25.237Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2021-46746 (string)

assignerOrgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

state : PUBLISHED (string)

assignerShortName : AMD (string)

dateReserved : 2022-03-31T16:50:27.864Z (string)

datePublished : 2024-08-13T16:50:51.023Z (string)

dateUpdated : 2024-10-31T13:57:25.237Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : affected (string)

product : AMD EPYC™ 7001 Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

versionType : PI (string)

}

]

}

1 : { »

defaultStatus : affected (string)

product : AMD EPYC™ 7002 Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

2 : { »

defaultStatus : affected (string)

product : AMD EPYC™ 7003 Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

3 : { »

defaultStatus : affected (string)

product : AMD EPYC™ 9004 Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

4 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 3000 Series Desktop Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4PI 1.0.0.9 (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4 V2 PI 1.2.0.8 (string)

}

]

}

5 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Desktop Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 PI 1.2.0.8 (string)

}

]

}

6 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4v2 PI 1.2.0.5 (string)

}

]

}

7 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 7000 Series Desktop Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : ComboAM5 1.0.8.0 (string)

}

]

}

8 : { »

defaultStatus : unaffected (string)

product : AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4PI 1.0.0.9 (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4v2 PI 1.2.0.8 (string)

}

]

}

9 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4v2 PI 1.2.0.5 (string)

}

]

}

10 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Threadripper™ 3000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CastlePeakPI-SP3r3 1.0.0.7 (string)

}

]

}

11 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.2 (string)

}

1 : { »

status : unaffected (string)

version : CastlePeakWSPI-sWRX8 1.0.0.9 (string)

}

]

}

12 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Threadripper™ PRO 5000WX Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.2 (string)

}

]

}

13 : { »

defaultStatus : affected (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.E (string)

}

]

}

14 : { »

defaultStatus : affected (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : PollockPI-FT5 1.0.0.4 (string)

}

]

}

15 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.E (string)

}

]

}

16 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RenoirPI-FP6 1.0.0.8 (string)

}

]

}

17 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

}

18 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

}

19 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : MendocinoPI-FT6 1.0.0.6 (string)

}

]

}

20 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.5 (string)

}

]

}

21 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.5 (string)

}

]

}

22 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

}

23 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

}

24 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 7045 Series Mobile Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : DragonRangeFL1PI 1.0.0.3b (string)

}

]

}

25 : { »

defaultStatus : affected (string)

product : AMD EPYC™ Embedded 3000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

26 : { »

defaultStatus : affected (string)

product : AMD EPYC™ Embedded 7002 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

27 : { »

defaultStatus : affected (string)

product : AMD EPYC™ Embedded 7003 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

28 : { »

defaultStatus : affected (string)

product : AMD EPYC™ Embedded 9003 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

29 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded R1000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP5 1.2.0.A (string)

}

]

}

30 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded R2000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedR2KPI-FP5 1.0.0.2 (string)

}

]

}

31 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded 5000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbAM4PI 1.0.0.2 (string)

}

]

}

32 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded 7000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedAM5PI 1.0.0.0 (string)

}

]

}

33 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded V1000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP5 1.2.0.A (string)

}

]

}

34 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded V2000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP6 1.0.0.6 (string)

}

]

}

35 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded V3000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP7r2 1.0.0.2 (string)

}

]

}

]

datePublic : 2024-08-13T16:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : <span style="background-color: rgb(255, 255, 255);">Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (<a target="_blank" rel="nofollow">TEE</a>) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, <a target="_blank" rel="nofollow">potentially</a> leading to a denial of service.<div><div><div> </div> </div> </div> <div><div><div> </div> </div> </div> </span> (string)

}

]

value : Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

providerMetadata : { »

orgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

shortName : AMD (string)

dateUpdated : 2024-08-13T16:50:51.023Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html (string)

}

]

source : { »

advisory : AMD-SB-4002, AMD-SB-3002, AMD-SB-5001 (string)

discovery : UNKNOWN (string)

}

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-120 (string)

lang : en (string)

description : CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-08-14T16:06:22.367564Z (string)

id : CVE-2021-46746 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-31T13:57:25.237Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-14T16:06:22.367564Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T16:21:42.850Z"}}], "cna": {"source": {"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD EPYC\u2122 7001 Processors", "versions": [{"status": "affected", "version": "various", "versionType": "PI"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 7002 Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 7003 Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 9004 Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "versions": [{"status": "unaffected", "version": "ComboAM4PI 1.0.0.9"}, {"status": "unaffected", "version": "ComboAM4 V2 PI 1.2.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "versions": [{"status": "unaffected", "version": "ComboAM4V2 PI 1.2.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "versions": [{"status": "affected", "version": "ComboAM5 1.0.8.0"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4PI 1.0.0.9"}, {"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8"}], "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "versions": [{"status": "unaffected", "version": "CastlePeakPI-SP3r3  1.0.0.7"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2"}, {"status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.9"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5  1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "versions": [{"status": "affected", "version": "PollockPI-FT5  1.0.0.4"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "RenoirPI-FP6 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.6"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors", "versions": [{"status": "unaffected", "version": "DragonRangeFL1PI 1.0.0.3b"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9003 Series Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5  1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbAM4PI  1.0.0.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedAM5PI  1.0.0.0"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.6"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.2"}], "defaultStatus": "affected"}], "datePublic": "2024-08-13T16:00:00.000Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (<a target=\"_blank\" rel=\"nofollow\">TEE</a>) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, <a target=\"_blank\" rel=\"nofollow\">potentially</a>&nbsp;leading to a denial of service.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>", "base64": false}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-08-13T16:50:51.023Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46746", "state": "PUBLISHED", "dateUpdated": "2024-10-31T13:57:25.237Z", "dateReserved": "2022-03-31T16:50:27.864Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2024-08-13T16:50:51.023Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-46746 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-08-14T16:06:22.367564Z (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-120 (string)

description : CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-14T16:21:42.850Z (string)

}

]

cna : { »

source : { »

advisory : AMD-SB-4002, AMD-SB-3002, AMD-SB-5001 (string)

discovery : UNKNOWN (string)

}

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 5.2 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H (string)

integrityImpact : LOW (string)

userInteraction : NONE (string)

attackComplexity : HIGH (string)

availabilityImpact : HIGH (string)

privilegesRequired : HIGH (string)

confidentialityImpact : LOW (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : AMD (string)

product : AMD EPYC™ 7001 Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

versionType : PI (string)

}

]

defaultStatus : affected (string)

}

1 : { »

vendor : AMD (string)

product : AMD EPYC™ 7002 Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : affected (string)

}

2 : { »

vendor : AMD (string)

product : AMD EPYC™ 7003 Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : affected (string)

}

3 : { »

vendor : AMD (string)

product : AMD EPYC™ 9004 Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : affected (string)

}

4 : { »

vendor : AMD (string)

product : AMD Ryzen™ 3000 Series Desktop Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4PI 1.0.0.9 (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4 V2 PI 1.2.0.8 (string)

}

]

defaultStatus : affected (string)

}

5 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Desktop Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 PI 1.2.0.8 (string)

}

]

defaultStatus : affected (string)

}

6 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4v2 PI 1.2.0.5 (string)

}

]

defaultStatus : affected (string)

}

7 : { »

vendor : AMD (string)

product : AMD Ryzen™ 7000 Series Desktop Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : ComboAM5 1.0.8.0 (string)

}

]

defaultStatus : affected (string)

}

8 : { »

vendor : AMD (string)

product : AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4PI 1.0.0.9 (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4v2 PI 1.2.0.8 (string)

}

]

defaultStatus : unaffected (string)

}

9 : { »

vendor : AMD (string)

product : AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4v2 PI 1.2.0.5 (string)

}

]

defaultStatus : affected (string)

}

10 : { »

vendor : AMD (string)

product : AMD Ryzen™ Threadripper™ 3000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CastlePeakPI-SP3r3 1.0.0.7 (string)

}

]

defaultStatus : affected (string)

}

11 : { »

vendor : AMD (string)

product : AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.2 (string)

}

1 : { »

status : unaffected (string)

version : CastlePeakWSPI-sWRX8 1.0.0.9 (string)

}

]

defaultStatus : affected (string)

}

12 : { »

vendor : AMD (string)

product : AMD Ryzen™ Threadripper™ PRO 5000WX Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.2 (string)

}

]

defaultStatus : affected (string)

}

13 : { »

vendor : AMD (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.E (string)

}

]

defaultStatus : affected (string)

}

14 : { »

vendor : AMD (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : affected (string)

version : PollockPI-FT5 1.0.0.4 (string)

}

]

defaultStatus : affected (string)

}

15 : { »

vendor : AMD (string)

product : AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.E (string)

}

]

defaultStatus : affected (string)

}

16 : { »

vendor : AMD (string)

product : AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RenoirPI-FP6 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

17 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

18 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

19 : { »

vendor : AMD (string)

product : AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : MendocinoPI-FT6 1.0.0.6 (string)

}

]

defaultStatus : affected (string)

}

20 : { »

vendor : AMD (string)

product : AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.5 (string)

}

]

defaultStatus : affected (string)

}

21 : { »

vendor : AMD (string)

product : AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.5 (string)

}

]

defaultStatus : affected (string)

}

22 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

23 : { »

vendor : AMD (string)

product : AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

24 : { »

vendor : AMD (string)

product : AMD Ryzen™ 7045 Series Mobile Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : DragonRangeFL1PI 1.0.0.3b (string)

}

]

defaultStatus : affected (string)

}

25 : { »

vendor : AMD (string)

product : AMD EPYC™ Embedded 3000 Series Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : affected (string)

}

26 : { »

vendor : AMD (string)

product : AMD EPYC™ Embedded 7002 Series Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : affected (string)

}

27 : { »

vendor : AMD (string)

product : AMD EPYC™ Embedded 7003 Series Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : affected (string)

}

28 : { »

vendor : AMD (string)

product : AMD EPYC™ Embedded 9003 Series Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : affected (string)

}

29 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded R1000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP5 1.2.0.A (string)

}

]

defaultStatus : affected (string)

}

30 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded R2000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedR2KPI-FP5 1.0.0.2 (string)

}

]

defaultStatus : affected (string)

}

31 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded 5000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbAM4PI 1.0.0.2 (string)

}

]

defaultStatus : affected (string)

}

32 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded 7000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedAM5PI 1.0.0.0 (string)

}

]

defaultStatus : affected (string)

}

33 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded V1000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP5 1.2.0.A (string)

}

]

defaultStatus : affected (string)

}

34 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded V2000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP6 1.0.0.6 (string)

}

]

defaultStatus : affected (string)

}

35 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded V3000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP7r2 1.0.0.2 (string)

}

]

defaultStatus : affected (string)

}

]

datePublic : 2024-08-13T16:00:00.000Z (string)

references : [ »

0 : { »

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

base64 : false (boolean)

}

]

}

]

providerMetadata : { »

orgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

shortName : AMD (string)

dateUpdated : 2024-08-13T16:50:51.023Z (string)

}

cveMetadata : { »

cveId : CVE-2021-46746 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-31T13:57:25.237Z (string)

dateReserved : 2022-03-31T16:50:27.864Z (string)

assignerOrgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

datePublished : 2024-08-13T16:50:51.023Z (string)

assignerShortName : AMD (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."}, {"lang": "es", "value": "La falta de mecanismos de explotaci\u00f3n de protecci\u00f3n de pila en ASP Secure OS Trusted Execution Environment (TEE) puede permitir que un atacante privilegiado con acceso a las claves de firma de AMD c006Frrupt la direcci\u00f3n de retorno, provocando una saturaci\u00f3n del b\u00fafer basado en la pila, lo que podr\u00eda conducir a una denegaci\u00f3n de servicio."}], "id": "CVE-2021-46746", "lastModified": "2024-10-31T14:35:00.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 4.7, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2024-08-13T17:15:17.787", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

}

1 : { »

lang : es (string)

value : La falta de mecanismos de explotación de protección de pila en ASP Secure OS Trusted Execution Environment (TEE) puede permitir que un atacante privilegiado con acceso a las claves de firma de AMD c006Frrupt la dirección de retorno, provocando una saturación del búfer basado en la pila, lo que podría conducir a una denegación de servicio. (string)

}

]

id : CVE-2021-46746 (string)

lastModified : 2024-10-31T14:35:00.797 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.5 (number)

impactScore : 4.7 (number)

source : psirt@amd.com (string)

type : Secondary (string)

}

]

}

published : 2024-08-13T17:15:17.787 (string)

references : [ »

0 : { »

source : psirt@amd.com (string)

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html (string)

}

]

sourceIdentifier : psirt@amd.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-120 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object