Lucene search

AMDCVELIST:CVE-2021-26311

HistoryMay 13, 2021 - 11:06 a.m.

CVE-2021-26311 AMD Secure Encrypted Virtualization

2021-05-1311:06:17

AMD

www.cve.org

amd

sev

sev-es

memory

rearrangement

vulnerability

attestation

hypervisor

arbitrary code execution

guest vm

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

40.0%

JSON

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

CNA Affected

[
  {
    "product": "SEV/SEV-ES",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "SEV-SNP",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004