CVE-2021-46779 - OpenCVE

Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Amd	Romepi Milanpi Firmware Romepi Firmware Naplespi Milanpi Naplespi Firmware

Configuration 1 [-]

AND

cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:naplespi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AMD

Published: 2023-01-10T20:56:52.789Z

Updated: 2023-01-11T07:01:59.843980Z

Reserved: 2022-03-31T16:50:27.875Z

Link: CVE-2021-46779

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-11T08:15:13.213

Modified: 2023-11-07T03:40:03.753

Link: CVE-2021-46779

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:romepi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56013C45-044C-40B0-9503-7E3928602803", "versionEndExcluding": "1.0.0.c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*", "matchCriteriaId": "B936879F-731E-4991-ACBB-16643F629B41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B11959F6-2A87-48A4-AD17-16A6B00C6BFA", "versionEndExcluding": "1.0.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:naplespi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB1EE9F8-6AA6-48E1-A5C3-79A1FC70C821", "versionEndExcluding": "1.0.0.g", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C479ABD-FE0C-4C08-B849-7BD516F03733", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.\n"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada insuficiente en la llamada al sistema SVC_ECC_PRIMITIVE en una aplicaci\u00f3n de usuario comprometida o ABL puede permitir que un atacante corrompa la memoria del sistema operativo ASP (AMD Secure Processor), lo que puede provocar una posible p\u00e9rdida de integridad y disponibilidad."}], "id": "CVE-2021-46779", "lastModified": "2023-11-07T03:40:03.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-11T08:15:13.213", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}