Lucene search

AMDCVE-2021-26318

HistoryOct 13, 2021 - 7:15 p.m.

CVE-2021-26318

2021-10-1319:15:07

CWE-203

CWE-208

AMD

web.nvd.nist.gov

cve-2021-26318

side channel attack

x86 prefetch

amd cpus

kernel address space

nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

12.6%

JSON

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.

Affected configurations

Nvd

Node

amdathlon_firmwareMatch-

AND

amdathlonMatch-

Node

amdathlon_pro_firmwareMatch-

AND

amdathlon_proMatch-

Node

amdepyc_firmwareMatch-

AND

amdepycMatch-

Node

amdryzen_firmwareMatch-

AND

amdryzenMatch-

Node

amdryzen_pro_firmwareMatch-

AND

amdryzen_proMatch-

VendorProductVersionCPE
amdathlon_firmware-cpe:2.3:o:amd:athlon_firmware:-:*:*:*:*:*:*:*
amdathlon-cpe:2.3:h:amd:athlon:-:*:*:*:*:*:*:*
amdathlon_pro_firmware-cpe:2.3:o:amd:athlon_pro_firmware:-:*:*:*:*:*:*:*
amdathlon_pro-cpe:2.3:h:amd:athlon_pro:-:*:*:*:*:*:*:*
amdepyc_firmware-cpe:2.3:o:amd:epyc_firmware:-:*:*:*:*:*:*:*
amdepyc-cpe:2.3:h:amd:epyc:-:*:*:*:*:*:*:*
amdryzen_firmware-cpe:2.3:o:amd:ryzen_firmware:-:*:*:*:*:*:*:*
amdryzen-cpe:2.3:h:amd:ryzen:-:*:*:*:*:*:*:*
amdryzen_pro_firmware-cpe:2.3:o:amd:ryzen_pro_firmware:-:*:*:*:*:*:*:*
amdryzen_pro-cpe:2.3:h:amd:ryzen_pro:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
amd	athlon_firmware	-	cpe:2.3:o:amd:athlon_firmware:-:::::::*
amd	athlon	-	cpe:2.3:h:amd:athlon:-:::::::*
amd	athlon_pro_firmware	-	cpe:2.3:o:amd:athlon_pro_firmware:-:::::::*
amd	athlon_pro	-	cpe:2.3:h:amd:athlon_pro:-:::::::*
amd	epyc_firmware	-	cpe:2.3:o:amd:epyc_firmware:-:::::::*
amd	epyc	-	cpe:2.3:h:amd:epyc:-:::::::*
amd	ryzen_firmware	-	cpe:2.3:o:amd:ryzen_firmware:-:::::::*
amd	ryzen	-	cpe:2.3:h:amd:ryzen:-:::::::*
amd	ryzen_pro_firmware	-	cpe:2.3:o:amd:ryzen_pro_firmware:-:::::::*
amd	ryzen_pro	-	cpe:2.3:h:amd:ryzen_pro:-:::::::*

CNA Affected

[
  {
    "product": "All supported processors",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "undefined",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-26318