CVE-2021-46760

Q: What is the severity of CVE-2021-46760?

CVE-2021-46760 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows a malicious or compromised UApp or ABL to send malformed system calls to AMD bootloaders, potentially leading to out-of-bounds memory access. Successful exploitation could result in sensitive information disclosure or arbitrary code execution. This affects systems with vulnerable AMD processors and firmware.

9.8 CRITICAL

📋 TL;DR

This vulnerability allows a malicious or compromised UApp or ABL to send malformed system calls to AMD bootloaders, potentially leading to out-of-bounds memory access. Successful exploitation could result in sensitive information disclosure or arbitrary code execution. This affects systems with vulnerable AMD processors and firmware.

💻 Affected Systems

Products:

AMD processors with vulnerable firmware

Versions: Specific firmware versions as detailed in AMD advisory

Operating Systems: All operating systems running on affected AMD hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in AMD firmware/bootloader components, not in the operating system itself. All systems with affected AMD processors are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker achieves persistent code execution at bootloader level, potentially compromising the entire system before OS loads, leading to complete system takeover and data exfiltration.

🟠

Likely Case

Information disclosure from bootloader memory, potentially exposing cryptographic keys, firmware secrets, or system configuration data.

🟢

If Mitigated

With proper firmware updates and secure boot enabled, the vulnerability is patched and exploitation attempts are blocked.

🌐 Internet-Facing: LOW - This vulnerability requires local access or compromised system components, not directly exploitable over the internet.

🏢 Internal Only: HIGH - Malicious insiders or compromised internal systems could exploit this to gain elevated privileges and persist across reboots.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires compromising UApp or ABL first, then crafting specific malformed system calls. This is a multi-stage attack requiring significant technical expertise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in AMD-SB-4001 advisory

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

Restart Required: Yes

Instructions:

1. Visit AMD advisory page. 2. Identify your processor model. 3. Download appropriate firmware update from motherboard/system manufacturer. 4. Apply firmware update following manufacturer instructions. 5. Reboot system.

🔧 Temporary Workarounds

Secure Boot Enforcement

all

Enable and enforce Secure Boot to prevent unauthorized bootloader modifications

Restrict Physical Access

all

Limit physical access to systems to prevent local bootloader attacks

🧯 If You Can't Patch

Isolate affected systems from critical networks and sensitive data
Implement strict access controls and monitoring for systems with vulnerable firmware

🔍 How to Verify

Check if Vulnerable:

Check current firmware version against AMD advisory. Use manufacturer-specific tools like 'dmidecode' on Linux or system BIOS/UEFI interface.

Check Version:

Linux: 'sudo dmidecode -t bios' or 'sudo cat /sys/class/dmi/id/bios_version'. Windows: 'wmic bios get smbiosbiosversion'

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in AMD advisory. Check that Secure Boot is enabled and functioning.

📡 Detection & Monitoring

Log Indicators:

Unexpected system reboots
Bootloader modification attempts
Secure Boot violations

Network Indicators:

Unusual outbound connections during boot process
Attempts to exfiltrate firmware-related data

SIEM Query:

EventID=12 OR EventID=13 (System startup/shutdown) combined with firmware modification alerts

📊 Metadata

CVE ID: CVE-2021-46760

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: May 9, 2023

Last Updated: January 27, 2025

🔗 References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ryzen 3945wx Firmware by Amd

Ryzen 3945wx Firmware by Amd

Ryzen 3945wx Firmware by Amd

Ryzen 3955wx Firmware by Amd

Ryzen 3955wx Firmware by Amd

Ryzen 3955wx Firmware by Amd

Ryzen 3960x Firmware by Amd

Ryzen 3960x Firmware by Amd

Ryzen 3960x Firmware by Amd

Ryzen 3970x Firmware by Amd

Ryzen 3970x Firmware by Amd

Ryzen 3970x Firmware by Amd

Ryzen 3975wx Firmware by Amd

Ryzen 3975wx Firmware by Amd

Ryzen 3975wx Firmware by Amd

Ryzen 3990x Firmware by Amd

Ryzen 3990x Firmware by Amd

Ryzen 3990x Firmware by Amd

Ryzen 3995wx Firmware by Amd

Ryzen 3995wx Firmware by Amd

Ryzen 3995wx Firmware by Amd

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Secure Boot Enforcement

Restrict Physical Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities