fkie_cve-2021-26404
Vulnerability from fkie_nvd
Published
2023-01-11 08:15
Modified
2024-11-21 05:56
Severity ?
Summary
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amd | epyc_7003_firmware | * | |
| amd | epyc_7003 | - | |
| amd | epyc_7313_firmware | * | |
| amd | epyc_7313 | - | |
| amd | epyc_7313p_firmware | * | |
| amd | epyc_7313p | - | |
| amd | epyc_7343_firmware | * | |
| amd | epyc_7343 | - | |
| amd | epyc_7373x_firmware | * | |
| amd | epyc_7373x | - | |
| amd | epyc_73f3_firmware | * | |
| amd | epyc_73f3 | - | |
| amd | epyc_7413_firmware | * | |
| amd | epyc_7413 | - | |
| amd | epyc_7443_firmware | * | |
| amd | epyc_7443 | - | |
| amd | epyc_7443p_firmware | * | |
| amd | epyc_7443p | - | |
| amd | epyc_7453_firmware | * | |
| amd | epyc_7453 | - | |
| amd | epyc_7473x_firmware | * | |
| amd | epyc_7473x | - | |
| amd | epyc_74f3_firmware | * | |
| amd | epyc_74f3 | - | |
| amd | epyc_7513_firmware | * | |
| amd | epyc_7513 | - | |
| amd | epyc_7543_firmware | * | |
| amd | epyc_7543 | - | |
| amd | epyc_7543p_firmware | * | |
| amd | epyc_7543p | - | |
| amd | epyc_7573x_firmware | * | |
| amd | epyc_7573x | - | |
| amd | epyc_7643_firmware | * | |
| amd | epyc_7643 | - | |
| amd | epyc_75f3_firmware | * | |
| amd | epyc_75f3 | - | |
| amd | epyc_7663_firmware | * | |
| amd | epyc_7663 | - | |
| amd | epyc_7713_firmware | * | |
| amd | epyc_7713 | - | |
| amd | epyc_7713p_firmware | * | |
| amd | epyc_7713p | - | |
| amd | epyc_7763_firmware | * | |
| amd | epyc_7763 | - | |
| amd | epyc_7773x_firmware | * | |
| amd | epyc_7773x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F43FE6B-1CE0-4C93-B457-385D60D0BC7E",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C912AA31-FB2D-4BD9-B1BD-3C8D7EEE771C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED4A938-7B21-4DBE-945E-04FD76712CDD",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B02B61B7-7DD3-4164-8D32-EB961E981BC9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35BC64A9-A82B-4D1A-A070-541F429632FD",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9000686A-DC2B-4561-9C32-E90890EB2EBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2909C50-60B7-45A4-A597-B9B13A3136C6",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B9C24B-2C10-4826-A91B-E1C60665FBBE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5F5AAD-06AB-4AE2-ADDF-C704278B1E63",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "180B3002-B3C5-48B5-8322-5B64B237C5B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B13FA57-6D07-4461-B40C-227977EFB67F",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "678C5F58-8AE9-46FF-8F01-4CF394C87A2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D45D2D3-EACD-40A7-A2E4-3E4918C1AAFE",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1766FF1-77A9-4293-B826-F6A8FBD7AFBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BBB5C7-942A-4B1D-9219-7D158D6B65E3",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C474537-3006-41BA-8C3D-5C370E3ACECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA98910-C8B0-4449-A3AD-5C2356C917A8",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2B13CA-72F4-4CF6-9E12-62E6E9056A14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A92937F-8BB5-4D63-A589-58BF847F06CA",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241E39FF-FE66-444C-A4C2-3D28C45341BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80D9BAD4-AA85-45C6-9246-089D8C4FB30F",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D07E922F-C1AB-469C-A1C1-9F9E58332DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB76635-870C-4304-B435-FFCD671FA882",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D08121-DC57-47D7-8214-23A209F0AF08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0B8817-B424-4F8C-B6A0-8305C6317A65",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8264DF4-47B4-4716-AE89-44AFA870D385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "661AC564-7A60-4E10-ADC3-964A04FBA896",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52544912-FAA3-4025-A5FD-151B21CEC53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7EB27B-1963-4057-9088-CBC6FBCD91F6",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77A0A47B-74A1-4731-92A8-BC10FFE58ECF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8ED95C-4703-4C83-B787-096FB2730CCA",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "237FB33B-BF08-4E3E-8E83-EB0AD2F12A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2499FB92-B422-4E92-960B-FB67B4C8108F",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98E1D79D-0CB0-4FD9-8A82-27CDFBFE07B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1BF26-EE53-4D48-A4CB-FB04E3DE6697",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF0AFED-588A-4EFB-8C90-9280BC3A6720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52B04F08-3447-4686-A965-65F8C7C64696",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DFCB62-6CDF-4AD2-9265-1887E5780CA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F45D168-7370-454E-AA01-66A5F418AAFA",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D698D3E-BB05-4C65-90F4-8DAE275CD6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B612010-419B-4F5C-8B00-C5BCE6B20EE3",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2299ED50-B4D2-4BB3-AD87-56D552B84AE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "964257EB-311C-4323-AE2C-4BD97FB21798",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F900BDD-F094-41A6-9A23-31F53DBA95D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "816CE49A-4C18-4834-883B-2F19644C831D",
"versionEndExcluding": "milanpi-sp3_1.0.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D02B1C69-BAA4-485B-BE22-46BE321F9E4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.\n"
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada y la verificaci\u00f3n de los l\u00edmites inadecuadas en el firmware SEV pueden perder bytes del b\u00fafer temporal, lo que puede provocar una posible divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2021-26404",
"lastModified": "2024-11-21T05:56:18.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T08:15:11.647",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.