CVE-2021-46767 - OpenCVE

Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Amd	Milanpi Firmware Romepi Milanpi Romepi Firmware

Configuration 1 [-]

AND

cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*

cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*

cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AMD

Published: 2023-01-10T20:56:50.057Z

Updated: 2023-01-11T07:01:59.843980Z

Reserved: 2022-03-31T16:50:27.871Z

Link: CVE-2021-46767

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-11T08:15:13.110

Modified: 2023-11-07T03:40:03.563

Link: CVE-2021-46767

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*", "matchCriteriaId": "B936879F-731E-4991-ACBB-16643F629B41", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88ECFD2A-170F-46B8-9013-4605ED25626F", "versionEndExcluding": "1.0.0.d", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E22D9F20-76BB-4949-8DAA-CA671687FF15", "versionEndExcluding": "1.0.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.\n"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada insuficiente en el ASP puede permitir que un atacante con acceso f\u00edsico realice un acceso de escritura no autorizado a la memoria, lo que podr\u00eda provocar una p\u00e9rdida de integridad o denegaci\u00f3n de servicio."}], "id": "CVE-2021-46767", "lastModified": "2023-11-07T03:40:03.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-11T08:15:13.110", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}