CVE-2021-26406

3 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 58.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
52
AMD 1ST GEN AMD Epyc™ ProcessorsAMD 2ND GEN AMD Epyc™ ProcessorsAMD 2ND GEN AMD Ryzen™ Threadripper™ Processors “colfax”+49 more
Timeline
PublishedMay 9

Description

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages52 packages

NVDamd/epyc_7251_firmwarenaplespi_1.0.0.e
NVDamd/epyc_7252_firmwareromepi_1.0.0.a
NVDamd/epyc_7261_firmwarenaplespi_1.0.0.e
NVDamd/epyc_7262_firmwareromepi_1.0.0.a
NVDamd/epyc_7272_firmwareromepi_1.0.0.a

🔴Vulnerability Details

2
CVEList
CVE-2021-26406: Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user appli2023-05-09
GHSA
GHSA-r2pm-cwg9-cpwh: Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user appli2023-05-09
CVE-2021-26406 (HIGH CVSS 7.5) | Insufficient validation in parsing | cvebase.io