CVE-2021-46766

Advisory lineage Upstream: 0 Downstream: 6

Downstream

SUSE-SU-2023:4654-1 SUSE-SU-2023:4655-1 SUSE-SU-2023:4660-1 SUSE-SU-2023:4664-1 SUSE-SU-2023:4665-1 SUSE-SU-2024:2376-1

Modified

Published: 14 Nov 2023, 18:51

Last modified:04 Aug 2024, 05:17

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.03% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Nov 2023, 18:51

Published

Vulnerability first disclosed

04 Aug 2024, 05:17

Last Modified

Vulnerability information updated

Description

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

CVSS Metrics

v3.1•LOW•Score: 2.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.03%• Percentile: 10%

Techniques & Countermeasures

CWE-459•Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

Affected Systems

amd•4th gen amd epyc™ processors
various
amd•amd epyc™ embedded 9003
various
amd•epyc_9124_firmware
< genoapi_1.0.0.4
amd•epyc_9174f_firmware
< genoapi_1.0.0.4
amd•epyc_9184x_firmware
< genoapi_1.0.0.4
amd•epyc_9224_firmware
< genoapi_1.0.0.4
amd•epyc_9254_firmware
< genoapi_1.0.0.4
amd•epyc_9274f_firmware
< genoapi_1.0.0.4
amd•epyc_9334_firmware
< genoapi_1.0.0.4
amd•epyc_9354_firmware
< genoapi_1.0.0.4
amd•epyc_9354p_firmware
< genoapi_1.0.0.4
amd•epyc_9374f_firmware
< genoapi_1.0.0.4
amd•epyc_9384x_firmware
< genoapi_1.0.0.4
amd•epyc_9454_firmware
< genoapi_1.0.0.4
amd•epyc_9454p_firmware
< genoapi_1.0.0.4
amd•epyc_9474f_firmware
< genoapi_1.0.0.4
amd•epyc_9534_firmware
< genoapi_1.0.0.4
amd•epyc_9554_firmware
< genoapi_1.0.0.4
amd•epyc_9554p_firmware
< genoapi_1.0.0.4
amd•epyc_9634_firmware
< genoapi_1.0.0.4
amd•epyc_9654_firmware
< genoapi_1.0.0.4
amd•epyc_9654p_firmware
< genoapi_1.0.0.4
amd•epyc_9684x_firmware
< genoapi_1.0.0.4
amd•epyc_9734_firmware
< genoapi_1.0.0.4
amd•epyc_9754_firmware
< genoapi_1.0.0.4
amd•epyc_9754s_firmware
< genoapi_1.0.0.4
amd•ryzen_threadripper_pro_3945wx_firmware
< chagallwspi-swrx8_1.0.0.5
amd•ryzen_threadripper_pro_3955wx_firmware
< chagallwspi-swrx8_1.0.0.5
amd•ryzen_threadripper_pro_3975wx_firmware
< chagallwspi-swrx8_1.0.0.5
amd•ryzen_threadripper_pro_3995wx_firmware
< chagallwspi-swrx8_1.0.0.5
amd•ryzen™ threadripper™ pro 3000wx series processors “chagall” ws
various