CVE-2021-46760

CRITICAL

Bootloader - Info Disclosure

Title source: llm

Description

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.

References (1)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

Scores

CVSS v3 9.8

EPSS 0.0032

EPSS Percentile 55.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119 CWE-770

Status published

Affected Products (21)

amd/ryzen_3945wx_firmware

amd/ryzen_3955wx_firmware

amd/ryzen_3960x_firmware

amd/ryzen_3970x_firmware

amd/ryzen_3975wx_firmware

amd/ryzen_3990x_firmware

amd/ryzen_3995wx_firmware

amd/ryzen_3945wx_firmware

amd/ryzen_3955wx_firmware

amd/ryzen_3960x_firmware

amd/ryzen_3970x_firmware

amd/ryzen_3975wx_firmware

amd/ryzen_3990x_firmware

amd/ryzen_3995wx_firmware

amd/ryzen_3945wx_firmware

... and 6 more

Timeline

Published May 09, 2023

Tracked Since Feb 18, 2026