CVE-2021-26396

CVSS V2 None CVSS V3 None

Description

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.

Overview

CVE ID
CVE-2021-26396

Assigner
psirt@amd.com

Vulnerability Status
Analyzed

Published Version
2023-01-11T08:15:11

Last Modified Date
2023-01-18T23:26:05

Weakness Enumerations

CWE	URL
CWE-345	http://cwe.mitre.org/data/definitions/345.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:amd:epyc_7003_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7003:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_72f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_72f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7313_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7313:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7313p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7313p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7343_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7343:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7373x_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7373x:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_73f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_73f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7413_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7413:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7443_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7443:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7443p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7443p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7453_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7453:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_74f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_74f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7513_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7513:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7543_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7543:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7543p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7543p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7573x_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7573x:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_75f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_75f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7643_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7643:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7663_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7663:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7713_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7713:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7713p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7713p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7743_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7743:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7763_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7763:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7773x_firmware::::::::	1	OR	milanpi-sp3_1.0.0.9
cpe:2.3:h:amd:epyc_7773x:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-26396
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26396

History

Created	Old Value	New Value	Data Type	Notes
2023-01-12 05:17:10				Added to TrackCVE
2023-01-17 15:15:00	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-19 00:18:21		2023-01-18T23:26:05	CVE Modified Date	updated
2023-01-19 00:18:21	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-19 00:18:22			Weakness Enumeration	new
2023-01-19 00:18:24			CPE Information	updated