CVE-2021-26327
Vulnerability from cvelistv5
Published
2021-11-16 18:18
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@amd.com | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
AMD | 3rd Gen AMD EPYC™ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T18:18:25", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26327", "datePublished": "2021-11-16T18:18:25.899504Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T02:42:07.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-26327\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2021-11-16T19:15:07.987\",\"lastModified\":\"2021-11-19T16:15:31.937\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.\"},{\"lang\":\"es\",\"value\":\"Una comprobaci\u00f3n insuficiente del contexto del hu\u00e9sped en el Firmware SNP podr\u00eda conllevar una potencial p\u00e9rdida de confidencialidad del hu\u00e9sped\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]},{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"85F21749-D015-4195-BCF5-0EC546559090\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C912AA31-FB2D-4BD9-B1BD-3C8D7EEE771C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"2C7CAA93-4553-4EE7-8DED-4E607F62DAF8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F98FF1A-3A2B-4CED-AEA2-9C4F2AC2D8C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"C793CE0D-A5D2-4279-8A2E-056C0E34DCD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02B61B7-7DD3-4164-8D32-EB961E981BC9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"C951EB53-A85E-4AC3-8076-167AD244B605\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9000686A-DC2B-4561-9C32-E90890EB2EBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"AA050CB2-9587-4534-A766-D434ED2BA2BA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71B9C24B-2C10-4826-A91B-E1C60665FBBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"B09197BA-5C2D-4616-BADF-A6D2FE9FB044\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"678C5F58-8AE9-46FF-8F01-4CF394C87A2C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"85E3C6E9-D601-4BC0-99B8-118D1CCAE1D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1766FF1-77A9-4293-B826-F6A8FBD7AFBF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"AC530984-C23F-4C2A-B07A-689C69C08EC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C474537-3006-41BA-8C3D-5C370E3ACECD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"1271AB1A-2AD6-4837-801F-53B25724AD06\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2B13CA-72F4-4CF6-9E12-62E6E9056A14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"7596F9F6-7216-4A6C-A1A4-02F1719A5506\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"241E39FF-FE66-444C-A4C2-3D28C45341BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"01FE866B-C654-4A7A-B65A-A3BEFA896D87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02D08121-DC57-47D7-8214-23A209F0AF08\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"0655082D-02E4-4708-B749-F035E87A3CCA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8264DF4-47B4-4716-AE89-44AFA870D385\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"30CDB8F3-A757-449B-A66E-3F0E443E6001\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52544912-FAA3-4025-A5FD-151B21CEC53B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"8F375A23-E6B5-4998-960D-764AE7F2E202\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A0A47B-74A1-4731-92A8-BC10FFE58ECF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"1DD8F2DC-5263-4FDF-B13A-70A4D15361A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBF0AFED-588A-4EFB-8C90-9280BC3A6720\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"FA78545E-FDD6-49DA-8DDD-F1FB504EC59A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98E1D79D-0CB0-4FD9-8A82-27CDFBFE07B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DFCB62-6CDF-4AD2-9265-1887E5780CA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"A9B05DF1-54B5-4C8D-ABEB-489D0ED90FFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D698D3E-BB05-4C65-90F4-8DAE275CD6A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"FD918198-F9C6-41B3-A338-F64DEBCC017C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2299ED50-B4D2-4BB3-AD87-56D552B84AE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"5BB074EC-A5CC-4E6A-8CDF-80B0E04D70B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F900BDD-F094-41A6-9A23-31F53DBA95D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.4\",\"matchCriteriaId\":\"89BE6D92-D0B1-4092-ACB7-DE987FC026B5\"}]}]}],\"references\":[{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021\",\"source\":\"psirt@amd.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.