Vulnerability Details : CVE-2021-26328
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
Products affected by CVE-2021-26328
- cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7743_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26328
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26328
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
1.8
|
2.5
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-04-09 |
|
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
1.8
|
2.5
|
NIST |
CWE ids for CVE-2021-26328
-
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2021-26328
-
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
Access DeniedVendor Advisory
Jump to