CVE-2021-46773

8.8 HIGH

📋 TL;DR

This vulnerability in AMD's ABL (AGESA Boot Loader) allows a privileged attacker to corrupt ASP (AMD Secure Processor) memory through insufficient input validation. This could lead to code execution or integrity loss on affected AMD systems. The vulnerability affects systems with specific AMD processors and firmware versions.

💻 Affected Systems

Products:

• AMD EPYC processors
• AMD Ryzen processors with AMD Secure Processor

Versions: Specific AGESA firmware versions prior to patches released in 2021

Operating Systems: All operating systems running on affected hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires AMD processors with AMD Secure Processor technology and vulnerable firmware versions. Physical access or local privileged access needed.

📦 What is this software?

Ryzen 1200 \(af\) Firmware by Amd

View all CVEs affecting Ryzen 1200 \(af\) Firmware →

Ryzen 1200 \(af\) Firmware by Amd

View all CVEs affecting Ryzen 1200 \(af\) Firmware →

Ryzen 1600 \(af\) Firmware by Amd

View all CVEs affecting Ryzen 1600 \(af\) Firmware →

Ryzen 1600 \(af\) Firmware by Amd

View all CVEs affecting Ryzen 1600 \(af\) Firmware →

Ryzen 2200g Firmware by Amd

View all CVEs affecting Ryzen 2200g Firmware →

Ryzen 2200g Firmware by Amd

View all CVEs affecting Ryzen 2200g Firmware →

Ryzen 2200ge Firmware by Amd

View all CVEs affecting Ryzen 2200ge Firmware →

Ryzen 2200ge Firmware by Amd

View all CVEs affecting Ryzen 2200ge Firmware →

Ryzen 2300x Firmware by Amd

View all CVEs affecting Ryzen 2300x Firmware →

Ryzen 2300x Firmware by Amd

View all CVEs affecting Ryzen 2300x Firmware →

Ryzen 2400g Firmware by Amd

View all CVEs affecting Ryzen 2400g Firmware →

Ryzen 2400g Firmware by Amd

View all CVEs affecting Ryzen 2400g Firmware →

Ryzen 2400ge Firmware by Amd

View all CVEs affecting Ryzen 2400ge Firmware →

Ryzen 2400ge Firmware by Amd

View all CVEs affecting Ryzen 2400ge Firmware →

Ryzen 2500x Firmware by Amd

View all CVEs affecting Ryzen 2500x Firmware →

Ryzen 2500x Firmware by Amd

View all CVEs affecting Ryzen 2500x Firmware →

Ryzen 2600 Firmware by Amd

View all CVEs affecting Ryzen 2600 Firmware →

Ryzen 2600 Firmware by Amd

View all CVEs affecting Ryzen 2600 Firmware →

Ryzen 2600e Firmware by Amd

View all CVEs affecting Ryzen 2600e Firmware →

Ryzen 2600e Firmware by Amd

View all CVEs affecting Ryzen 2600e Firmware →

Ryzen 2600x Firmware by Amd

View all CVEs affecting Ryzen 2600x Firmware →

Ryzen 2600x Firmware by Amd

View all CVEs affecting Ryzen 2600x Firmware →

Ryzen 2700 Firmware by Amd

View all CVEs affecting Ryzen 2700 Firmware →

Ryzen 2700 Firmware by Amd

View all CVEs affecting Ryzen 2700 Firmware →

Ryzen 2700e Firmware by Amd

View all CVEs affecting Ryzen 2700e Firmware →

Ryzen 2700e Firmware by Amd

View all CVEs affecting Ryzen 2700e Firmware →

Ryzen 2700x Firmware by Amd

View all CVEs affecting Ryzen 2700x Firmware →

Ryzen 2700x Firmware by Amd

View all CVEs affecting Ryzen 2700x Firmware →

Ryzen 2920x Firmware by Amd

View all CVEs affecting Ryzen 2920x Firmware →

Ryzen 2920x Firmware by Amd

View all CVEs affecting Ryzen 2920x Firmware →

Ryzen 2950x Firmware by Amd

View all CVEs affecting Ryzen 2950x Firmware →

Ryzen 2950x Firmware by Amd

View all CVEs affecting Ryzen 2950x Firmware →

Ryzen 2970wx Firmware by Amd

View all CVEs affecting Ryzen 2970wx Firmware →

Ryzen 2970wx Firmware by Amd

View all CVEs affecting Ryzen 2970wx Firmware →

Ryzen 2990wx Firmware by Amd

View all CVEs affecting Ryzen 2990wx Firmware →

Ryzen 2990wx Firmware by Amd

View all CVEs affecting Ryzen 2990wx Firmware →

Ryzen 3100 Firmware by Amd

View all CVEs affecting Ryzen 3100 Firmware →

Ryzen 3100 Firmware by Amd

View all CVEs affecting Ryzen 3100 Firmware →

Ryzen 3100 Firmware by Amd

View all CVEs affecting Ryzen 3100 Firmware →

Ryzen 3300x Firmware by Amd

View all CVEs affecting Ryzen 3300x Firmware →

Ryzen 3300x Firmware by Amd

View all CVEs affecting Ryzen 3300x Firmware →

Ryzen 3300x Firmware by Amd

View all CVEs affecting Ryzen 3300x Firmware →

Ryzen 3500 Firmware by Amd

View all CVEs affecting Ryzen 3500 Firmware →

Ryzen 3500 Firmware by Amd

View all CVEs affecting Ryzen 3500 Firmware →

Ryzen 3500 Firmware by Amd

View all CVEs affecting Ryzen 3500 Firmware →

Ryzen 3500x Firmware by Amd

View all CVEs affecting Ryzen 3500x Firmware →

Ryzen 3500x Firmware by Amd

View all CVEs affecting Ryzen 3500x Firmware →

Ryzen 3500x Firmware by Amd

View all CVEs affecting Ryzen 3500x Firmware →

Ryzen 3600 Firmware by Amd

View all CVEs affecting Ryzen 3600 Firmware →

Ryzen 3600 Firmware by Amd

View all CVEs affecting Ryzen 3600 Firmware →

Ryzen 3600 Firmware by Amd

View all CVEs affecting Ryzen 3600 Firmware →

Ryzen 3600x Firmware by Amd

View all CVEs affecting Ryzen 3600x Firmware →

Ryzen 3600x Firmware by Amd

View all CVEs affecting Ryzen 3600x Firmware →

Ryzen 3600x Firmware by Amd

View all CVEs affecting Ryzen 3600x Firmware →

Ryzen 3600xt Firmware by Amd

View all CVEs affecting Ryzen 3600xt Firmware →

Ryzen 3600xt Firmware by Amd

View all CVEs affecting Ryzen 3600xt Firmware →

Ryzen 3600xt Firmware by Amd

View all CVEs affecting Ryzen 3600xt Firmware →

Ryzen 3800x Firmware by Amd

View all CVEs affecting Ryzen 3800x Firmware →

Ryzen 3800x Firmware by Amd

View all CVEs affecting Ryzen 3800x Firmware →

Ryzen 3800x Firmware by Amd

View all CVEs affecting Ryzen 3800x Firmware →

Ryzen 3800xt Firmware by Amd

View all CVEs affecting Ryzen 3800xt Firmware →

Ryzen 3800xt Firmware by Amd

View all CVEs affecting Ryzen 3800xt Firmware →

Ryzen 3800xt Firmware by Amd

View all CVEs affecting Ryzen 3800xt Firmware →

Ryzen 3900 Firmware by Amd

View all CVEs affecting Ryzen 3900 Firmware →

Ryzen 3900 Firmware by Amd

View all CVEs affecting Ryzen 3900 Firmware →

Ryzen 3900 Firmware by Amd

View all CVEs affecting Ryzen 3900 Firmware →

Ryzen 3900x Firmware by Amd

View all CVEs affecting Ryzen 3900x Firmware →

Ryzen 3900x Firmware by Amd

View all CVEs affecting Ryzen 3900x Firmware →

Ryzen 3900x Firmware by Amd

View all CVEs affecting Ryzen 3900x Firmware →

Ryzen 3900xt Firmware by Amd

View all CVEs affecting Ryzen 3900xt Firmware →

Ryzen 3900xt Firmware by Amd

View all CVEs affecting Ryzen 3900xt Firmware →

Ryzen 3900xt Firmware by Amd

View all CVEs affecting Ryzen 3900xt Firmware →

Ryzen 3950x Firmware by Amd

View all CVEs affecting Ryzen 3950x Firmware →

Ryzen 3950x Firmware by Amd

View all CVEs affecting Ryzen 3950x Firmware →

Ryzen 3950x Firmware by Amd

View all CVEs affecting Ryzen 3950x Firmware →

Ryzen 5300g Firmware by Amd

View all CVEs affecting Ryzen 5300g Firmware →

Ryzen 5300ge Firmware by Amd

View all CVEs affecting Ryzen 5300ge Firmware →

Ryzen 5500 Firmware by Amd

View all CVEs affecting Ryzen 5500 Firmware →

Ryzen 5600 Firmware by Amd

View all CVEs affecting Ryzen 5600 Firmware →

Ryzen 5600g Firmware by Amd

View all CVEs affecting Ryzen 5600g Firmware →

Ryzen 5600ge Firmware by Amd

View all CVEs affecting Ryzen 5600ge Firmware →

Ryzen 5600x Firmware by Amd

View all CVEs affecting Ryzen 5600x Firmware →

Ryzen 5700g Firmware by Amd

View all CVEs affecting Ryzen 5700g Firmware →

Ryzen 5700ge Firmware by Amd

View all CVEs affecting Ryzen 5700ge Firmware →

Ryzen 5700x Firmware by Amd

View all CVEs affecting Ryzen 5700x Firmware →

Ryzen 5800 Firmware by Amd

View all CVEs affecting Ryzen 5800 Firmware →

Ryzen 5800x Firmware by Amd

View all CVEs affecting Ryzen 5800x Firmware →

Ryzen 5800x3d Firmware by Amd

View all CVEs affecting Ryzen 5800x3d Firmware →

Ryzen 5900 Firmware by Amd

View all CVEs affecting Ryzen 5900 Firmware →

Ryzen 5900x Firmware by Amd

View all CVEs affecting Ryzen 5900x Firmware →

Ryzen 5945wx Firmware by Amd

View all CVEs affecting Ryzen 5945wx Firmware →

Ryzen 5950x Firmware by Amd

View all CVEs affecting Ryzen 5950x Firmware →

Ryzen 5955wx Firmware by Amd

View all CVEs affecting Ryzen 5955wx Firmware →

Ryzen 5965wx Firmware by Amd

View all CVEs affecting Ryzen 5965wx Firmware →

Ryzen 5975wx Firmware by Amd

View all CVEs affecting Ryzen 5975wx Firmware →

Ryzen 5995wx Firmware by Amd

View all CVEs affecting Ryzen 5995wx Firmware →

Ryzen 6600h Firmware by Amd

View all CVEs affecting Ryzen 6600h Firmware →

Ryzen 6600hs Firmware by Amd

View all CVEs affecting Ryzen 6600hs Firmware →

Ryzen 6600u Firmware by Amd

View all CVEs affecting Ryzen 6600u Firmware →

Ryzen 6800h Firmware by Amd

View all CVEs affecting Ryzen 6800h Firmware →

Ryzen 6800hs Firmware by Amd

View all CVEs affecting Ryzen 6800hs Firmware →

Ryzen 6800u Firmware by Amd

View all CVEs affecting Ryzen 6800u Firmware →

Ryzen 6900hs Firmware by Amd

View all CVEs affecting Ryzen 6900hs Firmware →

Ryzen 6900hx Firmware by Amd

View all CVEs affecting Ryzen 6900hx Firmware →

Ryzen 6980hs Firmware by Amd

View all CVEs affecting Ryzen 6980hs Firmware →

Ryzen 6980hx Firmware by Amd

View all CVEs affecting Ryzen 6980hx Firmware →

Ryzen Pro 2100ge Firmware by Amd

View all CVEs affecting Ryzen Pro 2100ge Firmware →

Ryzen Pro 2100ge Firmware by Amd

View all CVEs affecting Ryzen Pro 2100ge Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Privileged attacker gains arbitrary code execution on the AMD Secure Processor, potentially compromising the entire system's security foundation and enabling persistent malware.

🟠

Likely Case

Privileged attacker causes system instability, crashes, or limited code execution within the secure processor environment.

🟢

If Mitigated

With proper access controls limiting privileged access, the vulnerability remains unexploited but presents a persistent risk.

🌐 Internet-Facing: LOW - Requires local privileged access, not directly exploitable over network.

🏢 Internal Only: HIGH - Malicious insiders or compromised administrative accounts could exploit this to gain deeper system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires deep understanding of AMD Secure Processor architecture and privileged access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AGESA firmware updates with version numbers specified in AMD-SB-4001

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001

Restart Required: Yes

Instructions:

1. Check system manufacturer's website for BIOS/UEFI updates. 2. Download appropriate firmware update for your system model. 3. Follow manufacturer's firmware update instructions carefully. 4. Reboot system to apply update.

🔧 Temporary Workarounds

Restrict privileged access

all

Limit administrative/root access to only necessary personnel and systems

Implement strict access controls

all

Use principle of least privilege and monitor privileged account activity

🧯 If You Can't Patch

• Isolate affected systems in secure network segments with strict access controls
• Implement enhanced monitoring for privileged account activity and system integrity checks

🔍 How to Verify

Check if Vulnerable:

Copy

Check current AGESA firmware version against patched versions listed in AMD-SB-4001 advisory

Check Version:

Copy

On Linux: 'sudo dmidecode -t bios' or check BIOS/UEFI settings; On Windows: 'wmic bios get smbiosbiosversion' or check System Information

Verify Fix Applied:

Copy

Verify firmware version has been updated to patched version after applying manufacturer's update

📡 Detection & Monitoring

Log Indicators:

• Unexpected system reboots
• BIOS/UEFI access logs showing unauthorized attempts
• Privileged account activity anomalies

Network Indicators:

• None - local exploitation only

SIEM Query:

Copy

Search for: 'privileged account access' AND ('BIOS' OR 'firmware' OR 'UEFI') AND 'unusual time' OR 'multiple failed attempts'

📊 Metadata

CVE ID: CVE-2021-46773

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: May 9, 2023

Last Updated: January 28, 2025

🔗 References

• https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 Vendor Advisory
• https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46773, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)

CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)

CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)