CVE-2021-26328

CWE-3583 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 79.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
25
AMD Epyc 7003 FirmwareAMD Epyc 72f3 FirmwareAMD Epyc 7313 Firmware+22 more
Timeline
PublishedJan 11

Description

Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 1.8 | Impact: 2.5

Affected Packages25 packages

NVDamd/epyc_7003_firmware< milanpi_1.0.0.8
NVDamd/epyc_72f3_firmware< milanpi_1.0.0.8
NVDamd/epyc_7313_firmware< milanpi_1.0.0.8
NVDamd/epyc_7343_firmware< milanpi_1.0.0.8
NVDamd/epyc_73f3_firmware< milanpi_1.0.0.8

🔴Vulnerability Details

2
GHSA
GHSA-fg37-647w-pgrp: Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests2023-01-11
CVEList
CVE-2021-26328: Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests2023-01-10
CVE-2021-26328 (MEDIUM CVSS 4.4) | Failure to verify the mode of CPU e | cvebase.io