CVE-2021-46795

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:comboam4v2_pi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:renoirpi-fp6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:cezannepi-fp6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:cezannepi-fp6:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:34

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad TOCTOU (time-of-check to time-of-use) donde un atacante puede usar un BIOS comprometido para hacer que TEE OS lea la memoria fuera de los límites, lo que potencialmente podría resultar en una denegación de servicio.
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 - Vendor Advisory

Information

Published : 2023-01-11 08:15

Updated : 2025-04-09 15:15

NVD link : CVE-2021-46795

Mitre link : CVE-2021-46795

CVE.ORG link : CVE-2021-46795

JSON object : View

Products Affected

amd

cezannepi-fp6_firmware
cezannepi-fp6
renoirpi-fp6_firmware
comboam4v2_pi
comboam4v2_pi_firmware

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2021-46795", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2023-01-11T08:15:13.347", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}, {"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service."}, {"lang": "es", "value": "Existe una vulnerabilidad TOCTOU (time-of-check to time-of-use) donde un atacante puede usar un BIOS comprometido para hacer que TEE OS lea la memoria fuera de los l\u00edmites, lo que potencialmente podr\u00eda resultar en una denegaci\u00f3n de servicio."}], "lastModified": "2025-04-09T15:15:45.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:comboam4v2_pi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D075A02-6278-43AB-8108-66DBA2FA3F50", "versionEndExcluding": "1.2.0.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DAC265C7-A9A3-4156-9AB3-8F975AED6764"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:renoirpi-fp6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E0B55C4-452F-42AD-B00F-4A61CEED1337", "versionEndExcluding": "1.0.0.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:comboam4v2_pi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DAC265C7-A9A3-4156-9AB3-8F975AED6764"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:cezannepi-fp6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CEF152D-7D7D-4632-BCDA-FA46A8D8AA12", "versionEndExcluding": "1.0.0.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:cezannepi-fp6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBE05F55-E039-486A-B3E0-E1CC3BF81049"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@amd.com"}