{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46760", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-03-31T16:50:27.869Z", "datePublished": "2023-05-09T19:01:05.377Z", "dateUpdated": "2025-01-27T17:29:32.464Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n<br>"}], "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-05-09T19:01:05.377Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"}], "source": {"advisory": "AMD-SB-4001", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.578Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-770", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-27T17:28:26.554513Z", "id": "CVE-2021-46760", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T17:29:32.464Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46760", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-03-31T16:50:27.869Z", "datePublished": "2023-05-09T19:01:05.377Z", "dateUpdated": "2025-01-27T17:29:32.464Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "unaffected", "packageName": "AGESA", "platforms": ["x86"], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n<br>"}], "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-05-09T19:01:05.377Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"}], "source": {"advisory": "AMD-SB-4001", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.578Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-46760", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-27T17:28:26.554513Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T17:29:27.356Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8C78A967-F746-4878-920A-464568277C81", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBDB6866-7C3D-4EB2-B000-F166585F4AA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "406E8509-18D0-4A8D-AB14-E2D8627B2E32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "C59F960F-D975-4CFF-96F1-E15C1A1A89C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "53E14647-F625-4801-B884-1024CFCF7A05", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB68A0C0-E575-4AA0-A312-8B1933085C19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "6C274FF4-0DFF-42FF-B308-77042E558337", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB67C763-72E9-4E0D-873A-04220C3583C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "12D08409-5FC5-483A-8E2A-CFF2F82170ED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2AAD377-B60E-4EF5-BE1F-944B19CAA02A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "5AE0FEBA-4C22-4DFC-8570-B4245431F266", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E682064-7B94-46F1-A906-20482941B80D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C6A50495-C80D-4A9E-8332-DDB1D9A50827", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DAA0D7A-E918-419D-BC89-65AA9E136C30", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3945wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1656388D-7294-4C23-A7AA-DE3698B6049F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBDB6866-7C3D-4EB2-B000-F166585F4AA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3955wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6ABD246-26BB-4A8E-BA08-67591E715F38", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "C59F960F-D975-4CFF-96F1-E15C1A1A89C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3960x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC6A1905-D30E-41C3-84DB-C05BE70C110C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB68A0C0-E575-4AA0-A312-8B1933085C19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3970x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "24C15B2E-9D61-44C9-876D-0EBB7B438561", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB67C763-72E9-4E0D-873A-04220C3583C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3975wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BED390E-AA1E-424C-8D13-61D661418855", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2AAD377-B60E-4EF5-BE1F-944B19CAA02A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3990x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B40AD74-67EC-4258-9073-8AFFDE743D49", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E682064-7B94-46F1-A906-20482941B80D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3995wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4383AF2-38C5-4225-B058-651979423864", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DAA0D7A-E918-419D-BC89-65AA9E136C30", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8694294-9D25-4435-AD3E-0135141493B7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBDB6866-7C3D-4EB2-B000-F166585F4AA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2559307C-99A8-41D0-B13F-81EF3025857D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "C59F960F-D975-4CFF-96F1-E15C1A1A89C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9A0295EE-CCDA-4B90-8CF2-020A90A77FF4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB68A0C0-E575-4AA0-A312-8B1933085C19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "58FD7B3B-76E4-4EA1-8567-4699B600B541", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB67C763-72E9-4E0D-873A-04220C3583C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC69F750-D3C5-455A-AE8C-2AC089C18376", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2AAD377-B60E-4EF5-BE1F-944B19CAA02A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1C9F0F99-6AF5-46C4-A822-38DFE2FAD0B6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E682064-7B94-46F1-A906-20482941B80D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "86F7CA80-CDA0-4391-A9C1-0DEF31B08320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DAA0D7A-E918-419D-BC89-65AA9E136C30", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\n"}], "id": "CVE-2021-46760", "lastModified": "2025-01-27T18:15:29.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-09T20:15:12.283", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}