CVE-2021-26311

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3101:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3151:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3201:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3251:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3255:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3351:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3451:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type Values Removed Values Added
References () https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 - Vendor Advisory () https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 - Vendor Advisory

Information

Published : 2021-05-13 12:15

Updated : 2024-11-21 05:56


NVD link : CVE-2021-26311

Mitre link : CVE-2021-26311

CVE.ORG link : CVE-2021-26311


JSON object : View

Products Affected

amd

  • epyc_7643
  • epyc_7281
  • epyc_7543
  • epyc_7443
  • epyc_75f3
  • epyc_embedded_3201
  • epyc_7401p
  • epyc_7642
  • epyc_7351
  • epyc_7543p
  • epyc_7352
  • epyc_7713
  • epyc_7302
  • epyc_7452
  • epyc_embedded_3251
  • epyc_embedded_3151
  • epyc_7f32
  • epyc_7f52
  • epyc_7742
  • epyc_embedded_3451
  • epyc_7371
  • epyc_7502p
  • epyc_7552
  • epyc_7662
  • epyc_7763
  • epyc_embedded_3255
  • epyc_7252
  • epyc_7282
  • epyc_7f72
  • epyc_7702p
  • epyc_embedded_3351
  • epyc_7313p
  • epyc_7232p
  • epyc_7513
  • epyc_7413
  • epyc_7501
  • epyc_7502
  • epyc_7313
  • epyc_7663
  • epyc_7401
  • epyc_7532
  • epyc_7402
  • epyc_7601
  • epyc_7272
  • epyc_7301
  • epyc_7261
  • epyc_7451
  • epyc_7542
  • epyc_7551p
  • epyc_73f3
  • epyc_7453
  • epyc_7h12
  • epyc_7351p
  • epyc_72f3
  • epyc_7302p
  • epyc_7343
  • epyc_7402p
  • epyc_7551
  • epyc_7713p
  • epyc_embedded_3101
  • epyc_7702
  • epyc_74f3
  • epyc_7251
  • epyc_7443p
  • epyc_7262
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')