CVE-2021-26401 — MEDIUM (5.6)

Vulnerability Description

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Amd	Athlon X4 940 Firmware	-
Amd	Athlon X4 940	-
Amd	Athlon X4 950 Firmware	-
Amd	Athlon X4 950	-
Amd	Athlon X4 970 Firmware	-
Amd	Athlon X4 970	-
Amd	Athlon X4 835 Firmware	-
Amd	Athlon X4 835	-
Amd	Athlon X4 845 Firmware	-
Amd	Athlon X4 845	-
Amd	Athlon X4 830 Firmware	-
Amd	Athlon X4 830	-
Amd	Athlon X4 840 Firmware	-
Amd	Athlon X4 840	-
Amd	Athlon X4 860K Firmware	-
Amd	Athlon X4 860K	-
Amd	Athlon X4 870K Firmware	-
Amd	Athlon X4 870K	-
Amd	Athlon X4 880K Firmware	-
Amd	Athlon X4 880K	-

References

http://www.openwall.com/lists/oss-security/2022/03/18/2Mailing ListThird Party Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/03/18/2Mailing ListThird Party Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036Vendor Advisory

FAQ

What is CVE-2021-26401?

CVE-2021-26401 is a vulnerability with a CVSS score of 5.6 (MEDIUM). LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.

How severe is CVE-2021-26401?

CVE-2021-26401 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26401?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Athlon X4 940 Firmware, Amd Athlon X4 940, Amd Athlon X4 950 Firmware, Amd Athlon X4 950, Amd Athlon X4 970 Firmware.