CVE-2021-46766

LOW

ASP Bootloader - Info Disclosure

Title source: llm

Description

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

References (3)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

Scores

CVSS v3 2.5

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-459

Status published

Products (28)

amd/epyc_9124_firmware < genoapi_1.0.0.4

amd/epyc_9174f_firmware < genoapi_1.0.0.4

amd/epyc_9184x_firmware < genoapi_1.0.0.4

amd/epyc_9224_firmware < genoapi_1.0.0.4

amd/epyc_9254_firmware < genoapi_1.0.0.4

amd/epyc_9274f_firmware < genoapi_1.0.0.4

amd/epyc_9334_firmware < genoapi_1.0.0.4

amd/epyc_9354_firmware < genoapi_1.0.0.4

amd/epyc_9354p_firmware < genoapi_1.0.0.4

amd/epyc_9374f_firmware < genoapi_1.0.0.4

... and 18 more

Published Nov 14, 2023

Tracked Since Feb 18, 2026