CVE-2021-46766
First published: Tue Nov 14 2023(Updated: )
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| AMD EPYC 9654P Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9654P | ||
| All of | ||
| AMD EPYC 9654 firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9654 firmware | ||
| All of | ||
| AMD EPYC 9634 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9634 Firmware | ||
| All of | ||
| AMD EPYC 9554P Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9554P Firmware | ||
| All of | ||
| AMD EPYC 9554 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9554 | ||
| All of | ||
| AMD EPYC 9534 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9534 | ||
| All of | ||
| AMD Epyc 9474F Firmware | <genoapi_1.0.0.4 | |
| AMD Epyc 9474F Firmware | ||
| All of | ||
| AMD EPYC 9454P Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9454P | ||
| All of | ||
| AMD EPYC 9454P Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9454P | ||
| All of | ||
| AMD EPYC 9374F Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9374F Firmware | ||
| All of | ||
| AMD EPYC 9354P Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9354P | ||
| All of | ||
| AMD EPYC 9354 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9354 Firmware | ||
| All of | ||
| AMD EPYC 9334 firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9334 firmware | ||
| All of | ||
| AMD EPYC 9274F Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9274F Firmware | ||
| All of | ||
| AMD EPYC 9254 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9254 | ||
| All of | ||
| AMD EPYC 9224 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9224 | ||
| All of | ||
| AMD EPYC 9174F Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9174F | ||
| All of | ||
| AMD EPYC 9124 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9124 Firmware | ||
| All of | ||
| AMD EPYC 9684X Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9684X Firmware | ||
| All of | ||
| AMD EPYC 9384X Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9384X | ||
| All of | ||
| AMD EPYC 9184X firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9184X | ||
| All of | ||
| Amd Epyc Server Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9754 Firmware | ||
| All of | ||
| AMD EPYC 9754S Firmware | <genoapi_1.0.0.4 | |
| AMD Epyc 9754S | ||
| All of | ||
| AMD EPYC 9734 Firmware | <genoapi_1.0.0.4 | |
| AMD EPYC 9734 Firmware | ||
| All of | ||
| AMD Ryzen Threadripper Pro 3995WX Firmware | <chagallwspi-swrx8_1.0.0.5 | |
| AMD Ryzen Threadripper Pro 3995WX | ||
| All of | ||
| AMD Ryzen Threadripper Pro 3975WX Firmware | <chagallwspi-swrx8_1.0.0.5 | |
| AMD Ryzen Threadripper Pro 3975WX Firmware | ||
| All of | ||
| AMD Ryzen Threadripper Pro 3955WX Firmware | <chagallwspi-swrx8_1.0.0.5 | |
| AMD Ryzen Threadripper Pro 3955WX | ||
| All of | ||
| AMD Ryzen Threadripper Pro 3945WX Firmware | <chagallwspi-swrx8_1.0.0.5 | |
| AMD Ryzen Threadripper Pro 3945WX Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-46766?
The severity of CVE-2021-46766 is considered high due to potential exposure of sensitive data.
How do I fix CVE-2021-46766?
To fix CVE-2021-46766, users should update the firmware to the latest version provided by AMD.
What types of systems are affected by CVE-2021-46766?
CVE-2021-46766 affects several AMD EPYC and Ryzen Threadripper Pro firmware versions.
What could happen if CVE-2021-46766 is exploited?
Exploitation of CVE-2021-46766 could result in a loss of confidentiality by exposing secret keys to attackers.
Is there a workaround for CVE-2021-46766?
Currently, the recommended approach for CVE-2021-46766 is to apply the firmware update, as no specific workaround is documented.
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/weakness
- agent/event
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/amd
- canonical/amd epyc 9654p firmware
- canonical/amd epyc 9654p
- canonical/amd epyc 9654 firmware
- canonical/amd epyc 9634 firmware
- canonical/amd epyc 9554p firmware
- canonical/amd epyc 9554 firmware
- canonical/amd epyc 9554
- canonical/amd epyc 9534 firmware
- canonical/amd epyc 9534
- canonical/amd epyc 9474f firmware
- canonical/amd epyc 9454p firmware
- canonical/amd epyc 9454p
- canonical/amd epyc 9374f firmware
- canonical/amd epyc 9354p firmware
- canonical/amd epyc 9354p
- canonical/amd epyc 9354 firmware
- canonical/amd epyc 9334 firmware
- canonical/amd epyc 9274f firmware
- canonical/amd epyc 9254 firmware
- canonical/amd epyc 9254
- canonical/amd epyc 9224 firmware
- canonical/amd epyc 9224
- canonical/amd epyc 9174f firmware
- canonical/amd epyc 9174f
- canonical/amd epyc 9124 firmware
- canonical/amd epyc 9684x firmware
- canonical/amd epyc 9384x firmware
- canonical/amd epyc 9384x
- canonical/amd epyc 9184x firmware
- canonical/amd epyc 9184x
- canonical/amd epyc server firmware
- canonical/amd epyc 9754 firmware
- canonical/amd epyc 9754s firmware
- canonical/amd epyc 9754s
- canonical/amd epyc 9734 firmware
- canonical/amd ryzen threadripper pro 3995wx firmware
- canonical/amd ryzen threadripper pro 3995wx
- canonical/amd ryzen threadripper pro 3975wx firmware
- canonical/amd ryzen threadripper pro 3955wx firmware
- canonical/amd ryzen threadripper pro 3955wx
- canonical/amd ryzen threadripper pro 3945wx firmware