1. Home
  2. CVE Database
  3. CVE-2021-26311
HIGH · 7.2

CVE-2021-26311

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead t...

Vulnerability Description

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AmdEpyc 7232P-
AmdEpyc 7251-
AmdEpyc 7252-
AmdEpyc 7261-
AmdEpyc 7262-
AmdEpyc 7272-
AmdEpyc 7281-
AmdEpyc 7282-
AmdEpyc 72F3-
AmdEpyc 7301-
AmdEpyc 7302-
AmdEpyc 7302P-
AmdEpyc 7313-
AmdEpyc 7313P-
AmdEpyc 7343-
AmdEpyc 7351-
AmdEpyc 7351P-
AmdEpyc 7352-
AmdEpyc 7371-
AmdEpyc 73F3-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2021-26311?

CVE-2021-26311 is a vulnerability with a CVSS score of 7.2 (HIGH). In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead t...

How severe is CVE-2021-26311?

CVE-2021-26311 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26311?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7232P, Amd Epyc 7251, Amd Epyc 7252, Amd Epyc 7261, Amd Epyc 7262.