CVE-2021-26327

nvd nist

Published: Nov 16, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.

Affected (20)

Products: Amd: Epyc 7003 Firmware, Epyc 72f3 Firmware, Epyc 7313 Firmware, Epyc 7313p Firmware, Epyc 7343 Firmware, Epyc 73f3 Firmware, Epyc 7413 Firmware, Epyc 7443 Firmware, Epyc 7443p Firmware, Epyc 7453 Firmware, Epyc 74f3 Firmware, Epyc 7513 Firmware, Epyc 7543 Firmware, Epyc 7543p Firmware, Epyc 75f3 Firmware, Epyc 7643 Firmware, Epyc 7663 Firmware, Epyc 7713 Firmware, Epyc 7713p Firmware, Epyc 7763 Firmware

20 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7003 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7003	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 72f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 72f3	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7313 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7313	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7313p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7313p	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7343 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7343	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 73f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 73f3	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7413 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7413	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7443 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7443	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7443p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7443p	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7453 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7453	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 74f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 74f3	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7513 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7513	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7543 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7543	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7543p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7543p	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 75f3 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 75f3	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7643 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7643	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7663 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7663	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7713 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7713	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7713p Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7713p	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Epyc 7763 Firmware	Before milanpi-sp3_1.0.0.4

Running on/with	Platform Versions
Amd Epyc 7763	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Source: psirt@amd.com

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.