CVE-2021-46756

CRITICAL

ASP Bootloader - DoS

Title source: llm

Description

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.

References (2)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

Scores

CVSS v3 9.1

EPSS 0.0015

EPSS Percentile 35.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-20

Status published

Affected Products (50)

amd/epyc_72f3_firmware

amd/epyc_7313_firmware

amd/epyc_7313p_firmware

amd/epyc_7343_firmware

amd/epyc_7373x_firmware

amd/epyc_73f3_firmware

amd/epyc_7413_firmware

amd/epyc_7443_firmware

amd/epyc_7443p_firmware

amd/epyc_7453_firmware

amd/epyc_7473x_firmware

amd/epyc_74f3_firmware

amd/epyc_7513_firmware

amd/epyc_7543_firmware

amd/epyc_7543p_firmware

... and 35 more

Timeline

Published May 09, 2023

Tracked Since Feb 18, 2026