CVE-2021-46756

Q: What is the severity of CVE-2021-46756?

CVE-2021-46756 has a CVSS score of 9.1 (CRITICAL). This vulnerability in AMD Secure Processor bootloader allows attackers with malicious user applications or ABL to send malformed syscalls, potentially causing denial of service and integrity loss. It affects systems with AMD processors containing the vulnerable ASP firmware.

9.1 CRITICAL

Denial of Service

📋 TL;DR

This vulnerability in AMD Secure Processor bootloader allows attackers with malicious user applications or ABL to send malformed syscalls, potentially causing denial of service and integrity loss. It affects systems with AMD processors containing the vulnerable ASP firmware.

💻 Affected Systems

Products:

AMD processors with ASP (AMD Secure Processor)

Versions: Specific firmware versions not detailed in references; consult AMD advisories for exact affected versions.

Operating Systems: All operating systems running on affected AMD hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists at firmware/hardware level, independent of operating system configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise including bootloader corruption, persistent denial of service, and potential privilege escalation to secure processor level.

🟠

Likely Case

System crashes, boot failures, and integrity violations requiring hardware-level recovery procedures.

🟢

If Mitigated

Limited impact with proper firmware updates and secure boot configurations preventing unauthorized code execution.

🌐 Internet-Facing: LOW - Requires local access or compromised user application execution.

🏢 Internal Only: HIGH - Malicious insiders or compromised internal applications could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Requires ability to execute malicious Uapp or ABL code, suggesting need for initial compromise or insider access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check AMD firmware updates for specific product lines

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

Restart Required: Yes

Instructions:

1. Identify AMD processor model and current firmware version
2. Visit AMD security bulletin page for applicable firmware updates
3. Follow manufacturer instructions for firmware flashing
4. Verify successful update and secure boot configuration

🔧 Temporary Workarounds

Secure Boot Enforcement

all

Enable and enforce secure boot to prevent unauthorized Uapp/ABL execution

Check BIOS/UEFI settings for secure boot options

🧯 If You Can't Patch

Implement strict application whitelisting to prevent unauthorized Uapp execution
Isolate systems with vulnerable firmware from untrusted networks and users

🔍 How to Verify

Check if Vulnerable:

Check system firmware version against AMD security bulletins for affected versions

Check Version:

Windows: wmic bios get smbiosbiosversion | Linux: sudo dmidecode -t bios

Verify Fix Applied:

Verify firmware version has been updated to patched version listed in AMD advisories

📡 Detection & Monitoring

Log Indicators:

Unexpected system reboots
Bootloader error messages
Secure processor failure logs

Network Indicators:

None - local exploitation only

SIEM Query:

EventID 6008 (Unexpected shutdown) OR boot-related errors in system logs

📊 Metadata

CVE ID: CVE-2021-46756

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-20

Published: May 9, 2023

Last Updated: January 28, 2025

🔗 References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Epyc 7232p Firmware by Amd

Epyc 7251 Firmware by Amd

Epyc 7252 Firmware by Amd

Epyc 7261 Firmware by Amd

Epyc 7262 Firmware by Amd

Epyc 7272 Firmware by Amd

Epyc 7281 Firmware by Amd

Epyc 7282 Firmware by Amd

Epyc 72f3 Firmware by Amd

Epyc 7301 Firmware by Amd

Epyc 7302 Firmware by Amd

Epyc 7302p Firmware by Amd

Epyc 7313 Firmware by Amd

Epyc 7313p Firmware by Amd

Epyc 7343 Firmware by Amd

Epyc 7351 Firmware by Amd

Epyc 7351p Firmware by Amd

Epyc 7352 Firmware by Amd

Epyc 7371 Firmware by Amd

Epyc 7373x Firmware by Amd

Epyc 73f3 Firmware by Amd

Epyc 7401 Firmware by Amd

Epyc 7401p Firmware by Amd

Epyc 7402 Firmware by Amd

Epyc 7402p Firmware by Amd

Epyc 7413 Firmware by Amd

Epyc 7443 Firmware by Amd

Epyc 7443p Firmware by Amd

Epyc 7451 Firmware by Amd

Epyc 7452 Firmware by Amd

Epyc 7453 Firmware by Amd

Epyc 7473x Firmware by Amd

Epyc 74f3 Firmware by Amd

Epyc 7501 Firmware by Amd

Epyc 7502 Firmware by Amd

Epyc 7502p Firmware by Amd

Epyc 7513 Firmware by Amd

Epyc 7532 Firmware by Amd

Epyc 7542 Firmware by Amd

Epyc 7543 Firmware by Amd

Epyc 7543p Firmware by Amd

Epyc 7551 Firmware by Amd

Epyc 7551p Firmware by Amd

Epyc 7552 Firmware by Amd

Epyc 7571 Firmware by Amd

Epyc 7573x Firmware by Amd

Epyc 75f3 Firmware by Amd

Epyc 7601 Firmware by Amd

Epyc 7642 Firmware by Amd

Epyc 7643 Firmware by Amd

Epyc 7662 Firmware by Amd

Epyc 7663 Firmware by Amd

Epyc 7702 Firmware by Amd

Epyc 7702p Firmware by Amd

Epyc 7713 Firmware by Amd

Epyc 7713p Firmware by Amd

Epyc 7742 Firmware by Amd

Epyc 7763 Firmware by Amd

Epyc 7773x Firmware by Amd

Epyc 7f32 Firmware by Amd

Epyc 7f52 Firmware by Amd

Epyc 7f72 Firmware by Amd

Epyc 7h12 Firmware by Amd