CVE-2021-46754

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity.

Published: 2023-05-09 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-46754 is rated Moderate Risk (55.9/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 0.32%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-46754

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-31 0.17% 0.32% +0.15%
2 2025-11-21 0.27% 0.17% -0.10%
3 2025-11-18 0.27%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-46754

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.1 3.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
 3.9 5.2 [email protected]

Weakness enumeration for CVE-2021-46754

Affected software / configurations for CVE-2021-46754

Vendor Product Version Raw CPE
amd ryzen_5300g_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5300g_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5300ge_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5300ge_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5500_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5500_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5600_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5600_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5600g_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5600g_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5600ge_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5600ge_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5600x_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5600x_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5700g_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5700g_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5700ge_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5700ge_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5700x_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5700x_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5800_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5800_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5800x3d_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5800x3d_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5800x_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5800x_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5900_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5900_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5900x_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5900x_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5945wx_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5945wx_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5950x_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5950x_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5955wx_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5955wx_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5965wx_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5965wx_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5975wx_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5975wx_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_5995wx_firmware cezannepi-fp6_1.0.0.6 cpe:2.3:o:amd:ryzen_5995wx_firmware:cezannepi-fp6_1.0.0.6:*:*:*:*:*:*:*
amd ryzen_3100_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3100_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3100_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3100_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3100_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3100_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3100_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3100_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3100_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3100_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3300x_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3300x_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3300x_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3300x_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3300x_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3300x_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3300x_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3300x_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3300x_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3300x_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3500_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3500_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3500_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3500_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3500_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3500_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3500_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3500_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3500_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3500_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3500x_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3500x_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3500x_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3500x_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3500x_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3500x_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3500x_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3500x_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3500x_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3500x_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3600_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3600_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3600_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3600_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3600_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3600_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3600_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3600_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3600_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3600_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3600x_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3600x_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3600x_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3600x_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3600x_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3600x_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3600x_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3600x_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3600x_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3600x_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3600xt_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3600xt_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3600xt_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3600xt_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3600xt_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3600xt_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3600xt_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3600xt_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3600xt_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3600xt_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3800x_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3800x_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3800x_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3800x_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3800x_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3800x_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3800x_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3800x_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3800x_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3800x_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3800xt_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3800xt_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3800xt_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3800xt_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3800xt_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3800xt_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3800xt_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3800xt_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3800xt_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3800xt_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3900_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3900_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3900_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3900_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3900_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3900_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3900_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3900_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3900_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3900_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3900x_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3900x_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3900x_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3900x_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3900x_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3900x_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3900x_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3900x_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
amd ryzen_3900x_firmware renoirpi-fp6_1.0.0.7 cpe:2.3:o:amd:ryzen_3900x_firmware:renoirpi-fp6_1.0.0.7:*:*:*:*:*:*:*
amd ryzen_3900xt_firmware comboam4pi_1.0.0.9 cpe:2.3:o:amd:ryzen_3900xt_firmware:comboam4pi_1.0.0.9:*:*:*:*:*:*:*
amd ryzen_3900xt_firmware comboam4v2_pi_1.2.0.5 cpe:2.3:o:amd:ryzen_3900xt_firmware:comboam4v2_pi_1.2.0.5:*:*:*:*:*:*:*
amd ryzen_3900xt_firmware comboam4v2_pi_1.2.0.8 cpe:2.3:o:amd:ryzen_3900xt_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
amd ryzen_3900xt_firmware picassopi-fp5_1.0.0.e cpe:2.3:o:amd:ryzen_3900xt_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*

References for CVE-2021-46754

cvelogic Threat Intelligence