1. Home
  2. CVE Database
  3. CVE-2021-26340
HIGH · 8.4

CVE-2021-26340

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior insi...

Vulnerability Description

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM).

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
AmdEpyc 7001 Firmware-
AmdEpyc 7001-
AmdEpyc 7232P Firmware-
AmdEpyc 7232P-
AmdEpyc 7251 Firmware-
AmdEpyc 7251-
AmdEpyc 7261 Firmware-
AmdEpyc 7261-
AmdEpyc 7252 Firmware-
AmdEpyc 7252-
AmdEpyc 74F3 Firmware-
AmdEpyc 74F3-
AmdEpyc 7501 Firmware-
AmdEpyc 7501-
AmdEpyc 7502 Firmware-
AmdEpyc 7502-
AmdEpyc 7502P Firmware-
AmdEpyc 7502P-
AmdEpyc 7513 Firmware-
AmdEpyc 7513-

References

FAQ

What is CVE-2021-26340?

CVE-2021-26340 is a vulnerability with a CVSS score of 8.4 (HIGH). A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior insi...

How severe is CVE-2021-26340?

CVE-2021-26340 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26340?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7001 Firmware, Amd Epyc 7001, Amd Epyc 7232P Firmware, Amd Epyc 7232P, Amd Epyc 7251 Firmware.