CVE-2021-26322

CWE-320, CWE-330 | 3 documents | 3 sources
Severity: 7.5 HIGH
EPSS: 0.4% (top 39.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 16; latest update May 24

Description

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (60 packages)

CVEListV5 | amd/1st_gen_amd_epyc™ | unspecified | NaplesPI-SP3_1.0.0.G
CVEListV5 | amd/2nd_gen_amd_epyc™ | unspecified | RomePI-SP3_1.0.0.C
CVEListV5 | amd/3rd_gen_amd_epyc™ | unspecified | MilanPI-SP3_1.0.0.4
NVD | amd/epyc_7251_firmware | < naplespi-sp3_1.0.0.g
NVD | amd/epyc_7252_firmware | < romepi-sp3_1.0.0.c

Vulnerability Details (2)

GHSA
GHSA-q556-rcvc-qq2m: Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack” (2022-05-24)
CVEList
CVE-2021-26322: Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack” (2021-11-16)