PT-2021-17008 · Amd · 3Rd Gen Amd Epyc™+16

Cfir Cohen

Published

2021-11-16

Updated

2021-11-19

CVE-2021-26327

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned.

Description The issue is related to insufficient validation of guest context in the SNP Firmware, which could potentially lead to a loss of guest confidentiality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exposure of Resource to Wrong Sphere

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-20

Related Identifiers

CVE-2021-26327

Affected Products

3Rd Gen Amd Epyc™

Epyc 7003 Firmware

Epyc 72F3 Firmware

Epyc 7313P Firmware

Epyc 7343 Firmware

Epyc 73F3 Firmware

Epyc 7413 Firmware

Epyc 7443P Firmware

Epyc 7453 Firmware

Epyc 74F3 Firmware

Epyc 7513 Firmware

Epyc 7543P Firmware

Epyc 75F3 Firmware

Epyc 7643 Firmware

Epyc 7663 Firmware

Epyc 7713P Firmware

Epyc 7763 Firmware

PT-2021-17008 · Amd · 3Rd Gen Amd Epyc™+16

CVE-2021-26327

Weakness Enumeration

Related Identifiers

Affected Products

References · 3