First published: Tue May 09 2023(Updated: )
A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.
Credit: psirt@amd.com
Affected Software | Affected Version | How to fix |
---|---|---|
Amd Ryzen 3945wx Firmware | =castlepeakwspi-swrx8_1.0.0.9 | |
Amd Ryzen 3945wx | ||
Amd Ryzen 3955wx Firmware | =castlepeakwspi-swrx8_1.0.0.9 | |
Amd Ryzen 3955wx | ||
Amd Ryzen 3960x Firmware | =castlepeakwspi-swrx8_1.0.0.9 | |
Amd Ryzen 3960x | ||
Amd Ryzen 3970x Firmware | =castlepeakwspi-swrx8_1.0.0.9 | |
Amd Ryzen 3970x | ||
Amd Ryzen 3975wx Firmware | =castlepeakwspi-swrx8_1.0.0.9 | |
Amd Ryzen 3975wx | ||
Amd Ryzen 3990x Firmware | =castlepeakwspi-swrx8_1.0.0.9 | |
Amd Ryzen 3990x | ||
Amd Ryzen 3995wx Firmware | =castlepeakwspi-swrx8_1.0.0.9 | |
Amd Ryzen 3995wx | ||
Amd Ryzen 3945wx Firmware | =chagallwspi-swrx8_1.0.0.2 | |
Amd Ryzen 3955wx Firmware | =chagallwspi-swrx8_1.0.0.2 | |
Amd Ryzen 3960x Firmware | =chagallwspi-swrx8_1.0.0.2 | |
Amd Ryzen 3970x Firmware | =chagallwspi-swrx8_1.0.0.2 | |
Amd Ryzen 3975wx Firmware | =chagallwspi-swrx8_1.0.0.2 | |
Amd Ryzen 3990x Firmware | =chagallwspi-swrx8_1.0.0.2 | |
Amd Ryzen 3995wx Firmware | =chagallwspi-swrx8_1.0.0.2 | |
Amd Ryzen 3945wx Firmware | =castlepeakpi-sp3r3_1.0.0.7 | |
Amd Ryzen 3955wx Firmware | =castlepeakpi-sp3r3_1.0.0.7 | |
Amd Ryzen 3960x Firmware | =castlepeakpi-sp3r3_1.0.0.7 | |
Amd Ryzen 3970x Firmware | =castlepeakpi-sp3r3_1.0.0.7 | |
Amd Ryzen 3975wx Firmware | =castlepeakpi-sp3r3_1.0.0.7 | |
Amd Ryzen 3990x Firmware | =castlepeakpi-sp3r3_1.0.0.7 | |
Amd Ryzen 3995wx Firmware | =castlepeakpi-sp3r3_1.0.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-46760 is a vulnerability that allows a malicious or compromised UApp or ABL to send a malformed system call to the bootloader, potentially leading to an out-of-bounds memory access and the leakage of sensitive information or code execution.
CVE-2021-46760 has a severity rating of 9.8, which is considered critical.
The affected software versions include Amd Ryzen 3945wx Firmware version castlepeakwspi-swrx8_1.0.0.9, Amd Ryzen 3955wx Firmware version castlepeakwspi-swrx8_1.0.0.9, Amd Ryzen 3960x Firmware version castlepeakwspi-swrx8_1.0.0.9, Amd Ryzen 3970x Firmware version castlepeakwspi-swrx8_1.0.0.9, Amd Ryzen 3975wx Firmware version castlepeakwspi-swrx8_1.0.0.9, Amd Ryzen 3990x Firmware version castlepeakwspi-swrx8_1.0.0.9, Amd Ryzen 3995wx Firmware version castlepeakwspi-swrx8_1.0.0.9, Amd Ryzen 3945wx Firmware version chagallwspi-swrx8_1.0.0.2, Amd Ryzen 3955wx Firmware version chagallwspi-swrx8_1.0.0.2, Amd Ryzen 3960x Firmware version chagallwspi-swrx8_1.0.0.2, Amd Ryzen 3970x Firmware version chagallwspi-swrx8_1.0.0.2, Amd Ryzen 3975wx Firmware version chagallwspi-swrx8_1.0.0.2, Amd Ryzen 3990x Firmware version chagallwspi-swrx8_1.0.0.2, Amd Ryzen 3995wx Firmware version chagallwspi-swrx8_1.0.0.2, Amd Ryzen 3945wx Firmware version castlepeakpi-sp3r3_1.0.0.7, Amd Ryzen 3955wx Firmware version castlepeakpi-sp3r3_1.0.0.7, Amd Ryzen 3960x Firmware version castlepeakpi-sp3r3_1.0.0.7, Amd Ryzen 3970x Firmware version castlepeakpi-sp3r3_1.0.0.7, Amd Ryzen 3975wx Firmware version castlepeakpi-sp3r3_1.0.0.7, Amd Ryzen 3990x Firmware version castlepeakpi-sp3r3_1.0.0.7, Amd Ryzen 3995wx Firmware version castlepeakpi-sp3r3_1.0.0.7.
To fix CVE-2021-46760, it is recommended to apply the latest firmware updates provided by AMD.
You can find more information about CVE-2021-46760 on the official AMD product security bulletin at the following link: [AMD Product Security Bulletin](https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001)