CVE-2021-46747 PUBLISHED

Assigner: AMD
Reserved: 31.03.2022 Published: 01.06.2026 Updated: 02.06.2026

Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	High	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version PicassoPI-FP5 1.0.0.E is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors
Versions	Default: affected Version CastlePeakWSPI-sWRX8 1.0.0.9 is unaffected Version ChagallWSPI-sWRX8 1.0.0.2 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics
Versions	Default: affected Version ComboAM4v2 PI 1.2.0.6 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors
Versions	Default: affected Version ChagallWSPI-sWRX8 1.0.0.1 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version RenoirPI-FP6 1.0.0.8 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version PicassoPI-FP5 1.0.0.E is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version CezannePI-FP6 1.0.0.9 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 3000 Series Desktop Processors
Versions	Default: affected Version ComboAM4PI 1.0.0.9/ComboAM4 V2 PI 1.2.0.8 is unaffected

Vendor	AMD
Product	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
Versions	Default: affected Version ComboAM4v2 PI 1.2.0.8 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version CezannePI-FP6 1.0.0.9 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 4000 Series Desktop Processors
Versions	Default: affected Version ComboAM4v2 PI 1.2.0.6 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Desktop Processors
Versions	Default: affected Version ComboAM4 V2 PI 1.2.0.8 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded R1000 Series Processors
Versions	Default: affected Version EmbeddedPI-FP5_1.2.0.A is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded R2000 Series Processors
Versions	Default: affected Version EmbeddedPI-FP5_1002 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded 5000 Series Processors
Versions	Default: affected Version EmbAM4PI 1.0.0.2 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge")
Versions	Default: affected Version EmbeddedPI-FP5_1.2.0.A is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso")
Versions	Default: affected Version EmbeddedPI-FP5_1.2.0.A is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded V2000 Series Processors
Versions	Default: affected Version EmbeddedPI-FP6_1.0.0.6 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded V3000 Series Processors
Versions	Default: affected Version EmbeddedPI-FP7r2_0080 is unaffected

Vendor	AMD
Product	AMD Radeon™ RX 5000 Series Graphics Products
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03) is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO W5000 Series Graphics Products
Versions	Default: affected Version AMD Software: PRO Edition 25.Q3.1 (25.10.32) is unaffected

Vendor	AMD
Product	AMD Radeon™ RX 6000 Series Graphics Products
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03) is unaffected

Vendor	AMD
Product	AMD Radeon™ RX 7000 Series Graphics Products
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03) is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO W6000 Series Graphics Products
Versions	Default: affected Version AMD Software: PRO Edition 25.Q3.1 (25.10.32) is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO W7000 Series Graphics Products
Versions	Default: affected Version AMD Software: PRO Edition 25.Q3.1 (25.10.32) is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V520
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V620
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

References

Problem Types

CWE-1220 Insufficient Granularity of Access Control CWE