#VU84017 Out-of-bounds write in AMD products - CVE-2021-46774
Published: December 8, 2023
Vulnerability identifier: #VU84017
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-46774
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
4th Gen AMD EPYC Processors
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
4th Gen AMD EPYC Processors
Software vendor:
AMD
AMD
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing DRAM address in System
Management Unit (SMU). A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.