Out-of-bounds write in AMD products - CVE-2021-46774
Published: December 8, 2023
Vulnerability identifier: #VU84017
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-46774
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: AMD
Affected software:
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
4th Gen AMD EPYC Processors
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
4th Gen AMD EPYC Processors
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing DRAM address in System
Management Unit (SMU). A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
How to mitigate CVE-2021-46774
Install updates from vendor's website.