Vulnerability Details : CVE-2021-26408
Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.
Products affected by CVE-2021-26408
- cpe:2.3:o:amd:epyc_7601_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7551p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7551_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7501_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7451_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7401_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7351p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7351_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7301_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7281_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7251_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7f72_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7f52_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7f32_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7742_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7702_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7702p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7662_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7642_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7552_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7542_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7532_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7502_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7502p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7452_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7402_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7402p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7352_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7302_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7302p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7282_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7272_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7002_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7001_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amd:epyc_7401p_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26408
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-26408
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.6
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:C/A:N |
3.9
|
9.2
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.8
|
5.2
|
NIST |
References for CVE-2021-26408
-
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
Access DeniedVendor Advisory
Jump to