Lucene search

[email protected]CVE-2021-26311

HistoryMay 13, 2021 - 12:15 p.m.

CVE-2021-26311

2021-05-1312:15:07

CWE-77

[email protected]

web.nvd.nist.gov

cve-2021-26311

amd

sev

sev-es

attestation mechanism

memory rearrangement

arbitrary code execution

hypervisor security

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.1%

JSON

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

Affected configurations

NVD

Node

amdepyc_7232pMatch-

amdepyc_7251Match-

amdepyc_7252Match-

amdepyc_7261Match-

amdepyc_7262Match-

amdepyc_7272Match-

amdepyc_7281Match-

amdepyc_7282Match-

amdepyc_72f3Match-

amdepyc_7301Match-

amdepyc_7302Match-

amdepyc_7302pMatch-

amdepyc_7313Match-

amdepyc_7313pMatch-

amdepyc_7343Match-

amdepyc_7351Match-

amdepyc_7351pMatch-

amdepyc_7352Match-

amdepyc_7371Match-

amdepyc_73f3Match-

amdepyc_7401Match-

amdepyc_7401pMatch-

amdepyc_7402Match-

amdepyc_7402pMatch-

amdepyc_7413Match-

amdepyc_7443Match-

amdepyc_7443pMatch-

amdepyc_7451Match-

amdepyc_7452Match-

amdepyc_7453Match-

amdepyc_74f3Match-

amdepyc_7501Match-

amdepyc_7502Match-

amdepyc_7502pMatch-

amdepyc_7513Match-

amdepyc_7532Match-

amdepyc_7542Match-

amdepyc_7543Match-

amdepyc_7543pMatch-

amdepyc_7551Match-

amdepyc_7551pMatch-

amdepyc_7552Match-

amdepyc_75f3Match-

amdepyc_7601Match-

amdepyc_7642Match-

amdepyc_7643Match-

amdepyc_7662Match-

amdepyc_7663Match-

amdepyc_7702Match-

amdepyc_7702pMatch-

amdepyc_7713Match-

amdepyc_7713pMatch-

amdepyc_7742Match-

amdepyc_7763Match-

amdepyc_7f32Match-

amdepyc_7f52Match-

amdepyc_7f72Match-

amdepyc_7h12Match-

amdepyc_embedded_3101Match-

amdepyc_embedded_3151Match-

amdepyc_embedded_3201Match-

amdepyc_embedded_3251Match-

amdepyc_embedded_3255Match-

amdepyc_embedded_3351Match-

amdepyc_embedded_3451Match-

CPENameOperatorVersion
amd:epyc_7232pamd epyc 7232peq-
amd:epyc_7251amd epyc 7251eq-
amd:epyc_7252amd epyc 7252eq-
amd:epyc_7261amd epyc 7261eq-
amd:epyc_7262amd epyc 7262eq-
amd:epyc_7272amd epyc 7272eq-
amd:epyc_7281amd epyc 7281eq-
amd:epyc_7282amd epyc 7282eq-
amd:epyc_72f3amd epyc 72f3eq-
amd:epyc_7301amd epyc 7301eq-

CPE	Name	Operator	Version
amd:epyc_7232p	amd epyc 7232p	eq	-
amd:epyc_7251	amd epyc 7251	eq	-
amd:epyc_7252	amd epyc 7252	eq	-
amd:epyc_7261	amd epyc 7261	eq	-
amd:epyc_7262	amd epyc 7262	eq	-
amd:epyc_7272	amd epyc 7272	eq	-
amd:epyc_7281	amd epyc 7281	eq	-
amd:epyc_7282	amd epyc 7282	eq	-
amd:epyc_72f3	amd epyc 72f3	eq	-
amd:epyc_7301	amd epyc 7301	eq	-

Rows per page:

1-10 of 651

CNA Affected

[
  {
    "product": "SEV/SEV-ES",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "SEV-SNP",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004

Social References

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.1%

JSON

Related for CVE-2021-26311

nvd1 cvelist1 prion1 amd1 lenovo1