CVE-2021-46772 LOW

CVE-2021-46772

Vendor Amd
Product AMD Ryzen™ 3000 Series Desktop Processors
Published August 13, 2024
Last update November 5, 2024

CVSS base score

3.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

Key dates

02Disclosure timeline

August 13, 2024 CVE published
November 5, 2024 Record updated