CVE-2021-26403

CWE-3453 documents3 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 91.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
43
AMD Epyc 7001 FirmwareAMD Epyc 7002 FirmwareAMD Epyc 7232p Firmware+40 more
Timeline
PublishedJan 11

Description

Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages43 packages

NVDamd/epyc_7001_firmware< naplespi_1.0.0.e
NVDamd/epyc_7002_firmware< romepi_1.0.0.9
NVDamd/epyc_7251_firmware< naplespi_1.0.0.e
NVDamd/epyc_7252_firmware< romepi_1.0.0.9
NVDamd/epyc_7261_firmware< naplespi_1.0.0.e

🔴Vulnerability Details

2
GHSA
GHSA-cfcv-rgx7-fw5j: Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality2023-01-11
CVEList
CVE-2021-26403: Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality2023-01-10
CVE-2021-26403 (MEDIUM CVSS 6.5) | Insufficient checks in SEV may lead | cvebase.io