What is CVE-2021-46795?

CVE-2021-46795 is a medium-severity vulnerability in Amd Cezannepi-fp6, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. CVSS score: 4.7/10. Published 2023-01-11.

How severe is CVE-2021-46795?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Vulnerability in Amd Cezannepi-fp6

CVE-2021-46795

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.001 (3.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Amd Cezannepi-fp6
Amd Cezannepi-fp6_firmware
Amd Comboam4v2_pi
Amd Comboam4v2_pi_firmware
Amd Renoirpi-fp6_firmware
Amd Ryzen 3000 Series — versions various
Amd Ryzen 5000 Series — versions various

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

References

psirt@amd.com (Vendor Advisory)

Frequently asked questions

What is CVE-2021-46795?: CVE-2021-46795 is a medium-severity vulnerability in Amd Cezannepi-fp6, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. CVSS score: 4.7/10. Published 2023-01-11.
How severe is CVE-2021-46795?: Medium severity. CVSS v3 base score is 4.7 out of 10.