{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46791", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-05-04T18:14:06.436Z", "datePublished": "2023-01-10T20:56:54.107Z", "dateUpdated": "2025-04-09T14:46:50.603Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "3rd Gen EPYC", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}], "datePublic": "2023-01-10T17:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.<br>"}], "value": "Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-01-11T07:01:59.843Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}], "source": {"advisory": "AMD-SB-1032", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.675Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T14:45:45.955007Z", "id": "CVE-2021-46791", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T14:46:50.603Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46791", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-05-04T18:14:06.436Z", "datePublished": "2023-01-10T20:56:54.107Z", "dateUpdated": "2025-04-09T14:46:50.603Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "3rd Gen EPYC", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}], "datePublic": "2023-01-10T17:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.<br>"}], "value": "Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-01-11T07:01:59.843Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}], "source": {"advisory": "AMD-SB-1032", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.675Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-46791", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-09T14:45:45.955007Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T14:46:39.831Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2C9E53C-FE78-4045-9965-1F6FD1CFDD20", "versionEndExcluding": "1.0.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.\n"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada insuficiente durante el an\u00e1lisis del binario del System Management Mode (SMM) puede permitir que un binario ejecutable de SMM creado con fines malintencionados corrompa la memoria de la aplicaci\u00f3n del usuario de la Dynamic Root of Trust for Measurement (DRTM), lo que puede resultar en una posible denegaci\u00f3n de servicio."}], "id": "CVE-2021-46791", "lastModified": "2025-04-09T15:15:45.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-11T08:15:13.270", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}