CVE-2021-26403

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions AMD Secure Encrypted Virtualization (SEV) (affected versions not specified)

Description The issue is related to insufficient input validation in the implementation of AMD Secure Encrypted Virtualization (SEV) microcode in AMD processors. This could allow an attacker to gain unauthorized access to protected information. Specifically, insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret, potentially resulting in the compromise of VM confidentiality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-20

Related Identifiers

BDU:2023-00894

CVE-2021-26403

Affected Products

Amd Secure Encrypted Virtualization

CVE-2021-26403

Weakness Enumeration

Related Identifiers

Affected Products

References · 7