CVE-2021-46744

CWE-203 CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 71.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD AMD Processors

Timeline

PublishedMay 11

Latest updateMay 12

Description

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5amd/amd_processorsProcessor EPYC

🔴Vulnerability Details

GHSA

GHSA-4mvg-3c82-rv73: An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values ove↗2022-05-12

▶

CVEList

CVE-2021-46744: An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values ove↗2022-05-11

▶