CVE-2021-46747

HIGH

AMD Secure Processor - Insufficient Granularity of Access Control in SMN Aperture Mapping

Title source: llm

Description

Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.

References (2)

Core 2

Core References

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

Scores

CVSS v4 7.1

EPSS 0.0010

EPSS Percentile 0.9%

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1220

Status published

Products (28)

AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4v2 PI 1.2.0.8

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.E

AMD/AMD Radeon™ PRO V520 Contact your AMD Customer Engineering representative

AMD/AMD Radeon™ PRO V620 Contact your AMD Customer Engineering representative

AMD/AMD Radeon™ PRO W5000 Series Graphics Products AMD Software: PRO Edition 25.Q3.1 (25.10.32)

AMD/AMD Radeon™ PRO W6000 Series Graphics Products AMD Software: PRO Edition 25.Q3.1 (25.10.32)

AMD/AMD Radeon™ PRO W7000 Series Graphics Products AMD Software: PRO Edition 25.Q3.1 (25.10.32)

AMD/AMD Radeon™ RX 5000 Series Graphics Products AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)

AMD/AMD Radeon™ RX 6000 Series Graphics Products AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)

AMD/AMD Radeon™ RX 7000 Series Graphics Products AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)

... and 18 more

Published Jun 01, 2026

Tracked Since Jun 02, 2026