CVE-2021-26406

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:epyc_7232p_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:epyc_7252_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:epyc_7262_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:epyc_7272_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:epyc_7282_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:epyc_7302_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:epyc_7302p_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:epyc_7352_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:epyc_7402_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:epyc_7402p_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:epyc_7452_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:epyc_7502_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:epyc_7502p_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:epyc_7532_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:epyc_7542_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:epyc_7552_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:epyc_7642_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:epyc_7662_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:epyc_7702_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:epyc_7702p_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:epyc_7742_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:epyc_7f32_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:epyc_7f52_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:amd:epyc_7f72_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:amd:epyc_7h12_firmware:romepi_1.0.0.a:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:amd:epyc_7251_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:amd:epyc_7261_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:amd:epyc_7281_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:amd:epyc_7301_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:amd:epyc_7351_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:amd:epyc_7351p_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:amd:epyc_7371_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:amd:epyc_7401_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:amd:epyc_7401p_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:amd:epyc_7451_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:amd:epyc_7501_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:amd:epyc_7551_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:amd:epyc_7551p_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:amd:epyc_7571_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7571:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:amd:epyc_7601_firmware:naplespi_1.0.0.e:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type	Values Removed	Values Added
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 - Vendor Advisory
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 - Vendor Advisory

Information

Published : 2023-05-09 19:15

Updated : 2024-11-21 05:56

NVD link : CVE-2021-26406

Mitre link : CVE-2021-26406

CVE.ORG link : CVE-2021-26406

JSON object : View

Products Affected

amd

epyc_7352
epyc_7351p
epyc_7401_firmware
epyc_7702p_firmware
epyc_7301
epyc_7281_firmware
epyc_7502p_firmware
epyc_7551
epyc_7502
epyc_7f72_firmware
epyc_7702_firmware
epyc_7351p_firmware
epyc_7702
epyc_7401p_firmware
epyc_7452
epyc_7262_firmware
epyc_7281
epyc_7742_firmware
epyc_7452_firmware
epyc_7501_firmware
epyc_7571_firmware
epyc_7601
epyc_7642
epyc_7261
epyc_7301_firmware
epyc_7662_firmware
epyc_7662
epyc_7371_firmware
epyc_7532_firmware
epyc_7551p_firmware
epyc_7402_firmware
epyc_7551_firmware
epyc_7542
epyc_7272
epyc_7302
epyc_7h12
epyc_7501
epyc_7272_firmware
epyc_7451_firmware
epyc_7251
epyc_7352_firmware
epyc_7402
epyc_7571
epyc_7702p
epyc_7601_firmware
epyc_7402p
epyc_7252
epyc_7252_firmware
epyc_7302_firmware
epyc_7262
epyc_7302p_firmware
epyc_7451
epyc_7551p
epyc_7401
epyc_7742
epyc_7502_firmware
epyc_7371
epyc_7232p
epyc_7351_firmware
epyc_7f32_firmware
epyc_7552_firmware
epyc_7502p
epyc_7232p_firmware
epyc_7302p
epyc_7532
epyc_7282_firmware
epyc_7542_firmware
epyc_7351
epyc_7h12_firmware
epyc_7f32
epyc_7552
epyc_7402p_firmware
epyc_7642_firmware
epyc_7261_firmware
epyc_7f52_firmware
epyc_7282
epyc_7f72
epyc_7401p
epyc_7f52
epyc_7251_firmware

CWE

NVD-CWE-noinfo

7.5 /10