CVE-2021-26407

2023-01-1020:56:45

AMD

www.cve.org

cve-2021-26407

initialization vector

information disclosure

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "2nd Gen EPYC",
    "vendor": " AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032