Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-46766

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

Published

2023-11-14T19:15:10.360

Last Modified

2024-11-21T06:34:40.617

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.5 (LOW)

Weaknesses

Type: Primary
CWE-459

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	amd	epyc_9654p_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9654p	-	No
Operating System	amd	epyc_9654_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9654	-	No
Operating System	amd	epyc_9634_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9634	-	No
Operating System	amd	epyc_9554p_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9554p	-	No
Operating System	amd	epyc_9554_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9554	-	No
Operating System	amd	epyc_9534_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9534	-	No
Operating System	amd	epyc_9474f_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9474f	-	No
Operating System	amd	epyc_9454p_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9454p	-	No
Operating System	amd	epyc_9454_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9454	-	No
Operating System	amd	epyc_9374f_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9374f	-	No
Operating System	amd	epyc_9354p_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9354p	-	No
Operating System	amd	epyc_9354_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9354	-	No
Operating System	amd	epyc_9334_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9334	-	No
Operating System	amd	epyc_9274f_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9274f	-	No
Operating System	amd	epyc_9254_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9254	-	No
Operating System	amd	epyc_9224_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9224	-	No
Operating System	amd	epyc_9174f_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9174f	-	No
Operating System	amd	epyc_9124_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9124	-	No
Operating System	amd	epyc_9684x_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9684x	-	No
Operating System	amd	epyc_9384x_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9384x	-	No
Operating System	amd	epyc_9184x_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9184x	-	No
Operating System	amd	epyc_9754_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9754	-	No
Operating System	amd	epyc_9754s_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9754s	-	No
Operating System	amd	epyc_9734_firmware	< genoapi_1.0.0.4	Yes
Hardware	amd	epyc_9734	-	No
Operating System	amd	ryzen_threadripper_pro_3995wx_firmware	< chagallwspi-swrx8_1.0.0.5	Yes
Hardware	amd	ryzen_threadripper_pro_3995wx	-	No
Operating System	amd	ryzen_threadripper_pro_3975wx_firmware	< chagallwspi-swrx8_1.0.0.5	Yes
Hardware	amd	ryzen_threadripper_pro_3975wx	-	No
Operating System	amd	ryzen_threadripper_pro_3955wx_firmware	< chagallwspi-swrx8_1.0.0.5	Yes
Hardware	amd	ryzen_threadripper_pro_3955wx	-	No
Operating System	amd	ryzen_threadripper_pro_3945wx_firmware	< chagallwspi-swrx8_1.0.0.5	Yes
Hardware	amd	ryzen_threadripper_pro_3945wx	-	No

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 (af854a3a-2127-422b-91ae-364da2661108)