CVE-2021-46772

low

Description

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Details

Source: Mitre, NVD

Published: 2024-08-13

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 3.9

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Severity: Low

EPSS

EPSS: 0.00042