CVE-2021-26332 : Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a p

Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability.

Published 2022-05-10 19:15:08

Updated 2022-05-16 16:41:45

Source Advanced Micro Devices Inc.

View at NVD, CVE.org

Products affected by CVE-2021-26332

AMD » Epyc 7763 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7763 » Version: N/A
AMD » Epyc 7713p Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7713p » Version: N/A
AMD » Epyc 7713 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7713 » Version: N/A
AMD » Epyc 7663 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7663 » Version: N/A
AMD » Epyc 7643 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7643 » Version: N/A
AMD » Epyc 75f3 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 75f3 » Version: N/A
AMD » Epyc 7543p Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7543p » Version: N/A
AMD » Epyc 7543 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7543 » Version: N/A
AMD » Epyc 7513 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7513 » Version: N/A
AMD » Epyc 7453 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7453 » Version: N/A
AMD » Epyc 74f3 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 74f3 » Version: N/A
AMD » Epyc 7443p Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7443p » Version: N/A
AMD » Epyc 7443 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7443 » Version: N/A
AMD » Epyc 7413 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7413 » Version: N/A
AMD » Epyc 73f3 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 73f3 » Version: N/A
AMD » Epyc 7343 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7343 » Version: N/A
AMD » Epyc 7313p Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7313p » Version: N/A
AMD » Epyc 7313 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7313 » Version: N/A
AMD » Epyc 72f3 Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 72f3 » Version: N/A
AMD » Epyc 7773x Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7773x » Version: N/A
AMD » Epyc 7473x Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7473x » Version: N/A
AMD » Epyc 7573x Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7573x » Version: N/A
AMD » Epyc 7373x Firmware
Versions before (<) milanpi-sp3_1.0.0.4
cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Epyc 7373x » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-26332

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-26332

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.6	MEDIUM	AV:L/AC:L/Au:N/C:N/I:C/A:C	3.9	9.2	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: Complete
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

References for CVE-2021-26332

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Access Denied
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-26332

Products affected by CVE-2021-26332

Exploit prediction scoring system (EPSS) score for CVE-2021-26332

CVSS scores for CVE-2021-26332

References for CVE-2021-26332