CVE-2021-46772

{"id": "CVE-2021-46772", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@amd.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 2.7, "exploitabilityScore": 0.8}]}, "published": "2024-08-13T17:15:17.993", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html", "source": "psirt@amd.com"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html", "source": "psirt@amd.com"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html", "source": "psirt@amd.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada insuficiente en ABL puede permitir que un atacante privilegiado con acceso al men\u00fa del BIOS o al shell UEFI altere los encabezados de la estructura en la ROM SPI, lo que provoca una lectura y escritura de memoria fuera de los l\u00edmites, lo que podr\u00eda provocar da\u00f1os en la memoria o denegaci\u00f3n de servicio."}], "lastModified": "2024-11-05T22:35:01.630", "sourceIdentifier": "psirt@amd.com"}