CVE-2021-26326

nvd nist

Published: Nov 16, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity.

Affected (20)

Products: Amd: Epyc 7232p Firmware, Epyc 7763 Firmware, Epyc 7713p Firmware, Epyc 7713 Firmware, Epyc 7663 Firmware, Epyc 7643 Firmware, Epyc 75f3 Firmware, Epyc 7543p Firmware, Epyc 7543 Firmware, Epyc 7513 Firmware, Epyc 7453 Firmware, Epyc 74f3 Firmware, Epyc 7443p Firmware, Epyc 7443 Firmware, Epyc 7413 Firmware, Epyc 73f3 Firmware, Epyc 7343 Firmware, Epyc 7313p Firmware, Epyc 7313 Firmware, Epyc 72f3 Firmware

20 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7232p Firmware	Before romepi-sp3_1.0.0.c

Running on/with	Platform Versions
Amd Epyc 7232p	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7763 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7763	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7713p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7713p	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7713 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7713	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7663 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7663	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7643 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7643	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 75f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 75f3	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7543p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7543p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7543 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7543	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7513 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7513	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7453 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7453	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 74f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 74f3	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7443p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7443p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7443 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7443	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7413 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7413	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 73f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 73f3	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7343 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7343	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7313p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7313p	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7313 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7313	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 72f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 72f3	All versions

Related CWEs

CWE-665

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (2)

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Source: psirt@amd.com

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.