What is CVE-2021-46779?

CVE-2021-46779 is a vulnerability that allows an attacker to corrupt ASP (AMD Secure Processor) OS memory, potentially leading to loss of integrity and availability.

What is the severity of CVE-2021-46779?

CVE-2021-46779 has a severity rating of 7.1 (high).

Which software is affected by CVE-2021-46779?

AMD Romepi Firmware versions up to exclusive 1.0.0.c, AMD Milanpi Firmware versions up to exclusive 1.0.0.4, and AMD Naplespi Firmware versions up to exclusive 1.0.0.g are affected by CVE-2021-46779.

How can an attacker exploit CVE-2021-46779?

An attacker can exploit CVE-2021-46779 through a compromised user application or ABL by manipulating the SVC_ECC_PRIMITIVE system call to corrupt ASP OS memory.

Is AMD Romepi, AMD Milanpi, or AMD Naplespi vulnerable to CVE-2021-46779?

AMD Romepi, AMD Milanpi, and AMD Naplespi are not vulnerable to CVE-2021-46779.

How can I fix CVE-2021-46779?

To fix CVE-2021-46779, it is recommended to apply the necessary firmware updates provided by AMD.

Where can I find more information about CVE-2021-46779?

More information about CVE-2021-46779 can be found on the AMD Product Security Bulletin at https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032.

Vulnerability/
CVE-2021-46779

high

7.1

CWE

787 20

10/1/2023

4/8/2024

CVE-2021-46779: Input Validation

First published: Tue Jan 10 2023(Updated: )

Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.

Credit: psirt@amd.com

Affected Software	Affected Version	How to fix
Amd Romepi Firmware	<1.0.0.c
Amd Romepi
Amd Milanpi Firmware	<1.0.0.4
Amd Milanpi
Amd Naplespi Firmware	<1.0.0.g
Amd Naplespi

Never miss a vulnerability like this again

Reference Links

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Frequently Asked Questions

What is CVE-2021-46779?
CVE-2021-46779 is a vulnerability that allows an attacker to corrupt ASP (AMD Secure Processor) OS memory, potentially leading to loss of integrity and availability.
What is the severity of CVE-2021-46779?
CVE-2021-46779 has a severity rating of 7.1 (high).
Which software is affected by CVE-2021-46779?
AMD Romepi Firmware versions up to exclusive 1.0.0.c, AMD Milanpi Firmware versions up to exclusive 1.0.0.4, and AMD Naplespi Firmware versions up to exclusive 1.0.0.g are affected by CVE-2021-46779.
How can an attacker exploit CVE-2021-46779?
An attacker can exploit CVE-2021-46779 through a compromised user application or ABL by manipulating the SVC_ECC_PRIMITIVE system call to corrupt ASP OS memory.
Is AMD Romepi, AMD Milanpi, or AMD Naplespi vulnerable to CVE-2021-46779?
AMD Romepi, AMD Milanpi, and AMD Naplespi are not vulnerable to CVE-2021-46779.
How can I fix CVE-2021-46779?
To fix CVE-2021-46779, it is recommended to apply the necessary firmware updates provided by AMD.
Where can I find more information about CVE-2021-46779?
More information about CVE-2021-46779 can be found on the AMD Product Security Bulletin at https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/references
agent/severity
agent/description
agent/first-publish-date
agent/tags
agent/event
agent/source
vendor/amd
canonical/amd romepi firmware
canonical/amd romepi
canonical/amd milanpi firmware
canonical/amd milanpi
canonical/amd naplespi firmware
canonical/amd naplespi

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.