CVE-2021-26342 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2021-26342?

CVE-2021-26342 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-26342?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7763 Firmware, Amd Epyc 7763, Amd Epyc 7713P Firmware, Amd Epyc 7713P, Amd Epyc 7713 Firmware.

Vulnerability Description

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Amd	Epyc 7763 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7763	-
Amd	Epyc 7713P Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7713P	-
Amd	Epyc 7713 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7713	-
Amd	Epyc 7663 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7663	-
Amd	Epyc 7643 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7643	-
Amd	Epyc 75F3 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 75F3	-
Amd	Epyc 7543P Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7543P	-
Amd	Epyc 7543 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7543	-
Amd	Epyc 7513 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7513	-
Amd	Epyc 7453 Firmware	< milanpi-sp3_1.0.0.7
Amd	Epyc 7453	-

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028Vendor Advisory

FAQ

What is CVE-2021-26342?

CVE-2021-26342 is a vulnerability with a CVSS score of 3.3 (LOW). In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). T...

How severe is CVE-2021-26342?

CVE-2021-26342 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26342?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7763 Firmware, Amd Epyc 7763, Amd Epyc 7713P Firmware, Amd Epyc 7713P, Amd Epyc 7713 Firmware.