CVE-2021-46772

Insufficient input validation in the ABL may allow a privileged
attacker with access to the BIOS menu or UEFI shell to tamper with the
structure headers in SPI ROM causing an out of bounds memory read and write,
potentially resulting in memory corruption or denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.9 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
AMDCNA
3.9 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html