CVE-2021-26311 - Vulnerability Details

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01283.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd	Epyc 7232p Epyc 7251 Epyc 7252 Epyc 7261 Epyc 7262 Epyc 7272 Epyc 7281 Epyc 7282 Epyc 72f3 Epyc 7301 Epyc 7302 Epyc 7302p Epyc 7313 Epyc 7313p Epyc 7343 Epyc 7351 Epyc 7351p Epyc 7352 Epyc 7371 Epyc 73f3 Epyc 7401 Epyc 7401p Epyc 7402 Epyc 7402p Epyc 7413 Epyc 7443 Epyc 7443p Epyc 7451 Epyc 7452 Epyc 7453 Epyc 74f3 Epyc 7501 Epyc 7502 Epyc 7502p Epyc 7513 Epyc 7532 Epyc 7542 Epyc 7543 Epyc 7543p Epyc 7551 Epyc 7551p Epyc 7552 Epyc 75f3 Epyc 7601 Epyc 7642 Epyc 7643 Epyc 7662 Epyc 7663 Epyc 7702 Epyc 7702p Epyc 7713 Epyc 7713p Epyc 7742 Epyc 7763 Epyc 7f32 Epyc 7f52 Epyc 7f72 Epyc 7h12 Epyc Embedded 3101 Epyc Embedded 3151 Epyc Embedded 3201 Epyc Embedded 3251 Epyc Embedded 3255 Epyc Embedded 3351 Epyc Embedded 3451

Configuration 1 [-]

OR	cpe:2.3:h:amd:epyc_7232p:-:::::::*
	cpe:2.3:h:amd:epyc_7251:-:::::::*
	cpe:2.3:h:amd:epyc_7252:-:::::::*
	cpe:2.3:h:amd:epyc_7261:-:::::::*
	cpe:2.3:h:amd:epyc_7262:-:::::::*
	cpe:2.3:h:amd:epyc_7272:-:::::::*
	cpe:2.3:h:amd:epyc_7281:-:::::::*
	cpe:2.3:h:amd:epyc_7282:-:::::::*
	cpe:2.3:h:amd:epyc_72f3:-:::::::*
	cpe:2.3:h:amd:epyc_7301:-:::::::*
	cpe:2.3:h:amd:epyc_7302:-:::::::*
	cpe:2.3:h:amd:epyc_7302p:-:::::::*
	cpe:2.3:h:amd:epyc_7313:-:::::::*
	cpe:2.3:h:amd:epyc_7313p:-:::::::*
	cpe:2.3:h:amd:epyc_7343:-:::::::*
	cpe:2.3:h:amd:epyc_7351:-:::::::*
	cpe:2.3:h:amd:epyc_7351p:-:::::::*
	cpe:2.3:h:amd:epyc_7352:-:::::::*
	cpe:2.3:h:amd:epyc_7371:-:::::::*
	cpe:2.3:h:amd:epyc_73f3:-:::::::*
	cpe:2.3:h:amd:epyc_7401:-:::::::*
	cpe:2.3:h:amd:epyc_7401p:-:::::::*
	cpe:2.3:h:amd:epyc_7402:-:::::::*
	cpe:2.3:h:amd:epyc_7402p:-:::::::*
	cpe:2.3:h:amd:epyc_7413:-:::::::*
	cpe:2.3:h:amd:epyc_7443:-:::::::*
	cpe:2.3:h:amd:epyc_7443p:-:::::::*
	cpe:2.3:h:amd:epyc_7451:-:::::::*
	cpe:2.3:h:amd:epyc_7452:-:::::::*
	cpe:2.3:h:amd:epyc_7453:-:::::::*
	cpe:2.3:h:amd:epyc_74f3:-:::::::*
	cpe:2.3:h:amd:epyc_7501:-:::::::*
	cpe:2.3:h:amd:epyc_7502:-:::::::*
	cpe:2.3:h:amd:epyc_7502p:-:::::::*
	cpe:2.3:h:amd:epyc_7513:-:::::::*
	cpe:2.3:h:amd:epyc_7532:-:::::::*
	cpe:2.3:h:amd:epyc_7542:-:::::::*
	cpe:2.3:h:amd:epyc_7543:-:::::::*
	cpe:2.3:h:amd:epyc_7543p:-:::::::*
	cpe:2.3:h:amd:epyc_7551:-:::::::*
	cpe:2.3:h:amd:epyc_7551p:-:::::::*
	cpe:2.3:h:amd:epyc_7552:-:::::::*
	cpe:2.3:h:amd:epyc_75f3:-:::::::*
	cpe:2.3:h:amd:epyc_7601:-:::::::*
	cpe:2.3:h:amd:epyc_7642:-:::::::*
	cpe:2.3:h:amd:epyc_7643:-:::::::*
	cpe:2.3:h:amd:epyc_7662:-:::::::*
	cpe:2.3:h:amd:epyc_7663:-:::::::*
	cpe:2.3:h:amd:epyc_7702:-:::::::*
	cpe:2.3:h:amd:epyc_7702p:-:::::::*
	cpe:2.3:h:amd:epyc_7713:-:::::::*
	cpe:2.3:h:amd:epyc_7713p:-:::::::*
	cpe:2.3:h:amd:epyc_7742:-:::::::*
	cpe:2.3:h:amd:epyc_7763:-:::::::*
	cpe:2.3:h:amd:epyc_7f32:-:::::::*
	cpe:2.3:h:amd:epyc_7f52:-:::::::*
	cpe:2.3:h:amd:epyc_7f72:-:::::::*
	cpe:2.3:h:amd:epyc_7h12:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3101:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3151:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3201:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3251:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3255:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3351:-:::::::*
cpe:2.3:h:amd:epyc_embedded_3451:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-13117	In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2021-05-13T11:06:17.662304Z

Updated: 2024-09-17T04:25:26.352Z

Reserved: 2021-01-29T00:00:00

Link: CVE-2021-26311

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-13T12:15:07.597

Modified: 2024-11-21T05:56:04.090

Link: CVE-2021-26311

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object