CVE-2021-26403 (GCVE-0-2021-26403)
Vulnerability from cvelistv5
Published
2023-01-10 20:56
Modified
2025-04-08 20:24
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
  • n/a
Summary
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
References
Impacted products
Vendor Product Version
AMD 1st Gen EPYC Version: various
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T20:23:12.551643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-345",
                "description": "CWE-345 Insufficient Verification of Data Authenticity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T20:24:38.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen EPYC",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen EPYC",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\u003cbr\u003e"
            }
          ],
          "value": "Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-11T07:01:59.843Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1032",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26403",
    "datePublished": "2023-01-10T20:56:43.160Z",
    "dateReserved": "2021-01-29T21:24:26.169Z",
    "dateUpdated": "2025-04-08T20:24:38.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-26403\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2023-01-11T08:15:11.590\",\"lastModified\":\"2025-04-08T21:15:43.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\\n\"},{\"lang\":\"es\",\"value\":\"Las comprobaciones insuficientes en SEV pueden provocar que un hipervisor malicioso revele el secreto de inicio, lo que podr\u00eda comprometer la confidencialidad de la VM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7001_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"9C8005C3-A2A0-4166-A356-C3CC1FBAC25C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CAD2BB6-29B1-4CCA-A8A5-0FA9AB168803\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7251_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"A2FCD9B9-2C08-4764-BAE3-AF929FEAE275\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565383C4-F690-4E3B-8A6A-B7D4ACCFAA05\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7261_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"8631E124-91B0-4505-B71C-C09E9577DFC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71ED05E6-8E69-41B9-9A36-CCE2D59A2603\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7281_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"BCDC6A32-EB08-4F4A-A3CA-FD9260043938\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"805B4FEA-CFB2-429C-818B-9277B6D546C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7301_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"949779CA-F897-4972-B17B-1384271F3079\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F65FC5B9-0803-4D7F-8EF6-7B6681418596\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7351_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"047AE099-C8F7-471D-849C-0A602FF5AFA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A5FC951-9FAD-45B4-B7CF-D1A9482507F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7351p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"E5F33347-AA11-4D73-BD23-B03D744EF7ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB78361-9AAD-44BD-8B30-65715FEA4C06\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7371_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"D61E6BB3-DB02-41BA-A936-CC4BFF51844E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7576CB-A818-47A1-9A0D-6B8FD105FF08\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7401_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"9478CF6F-C3D2-42DA-8AEB-B36FF9E70414\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C05F1EF0-3576-4D47-8704-36E9FAB1D432\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7401p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"C3B3125E-DD29-4AD9-8844-E396D98746E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E41A87-7A39-4BB2-88E4-16DF0D81BFD2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7451_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"AB444BBB-9271-42A6-89FE-8F2AA69F9FA2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C8CF00-8FC8-4206-9028-6F104699DE76\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7501_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"18034EB4-9FE1-425C-8394-5B43739E8386\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8BAB73-6F45-49AB-8F00-49A488006F3E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7551_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"E5A51DE5-D8E2-45EC-8625-0B91ABFEF879\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AAB403A-5A36-4DC3-A187-99127CF77BA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7551p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"22D58A3E-A81D-453B-AFDB-3988CEBECD24\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BE5D42-1C62-4381-89E0-8F3264F696EC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7601_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"naplespi_1.0.0.e\",\"matchCriteriaId\":\"5107D5C4-CFC7-435B-84F4-A9E7661096CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"168076CD-1E6D-4328-AB59-4C1A90735AC4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7002_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"F608814F-4E9B-441B-8BAC-ACF6D7606E8E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A05BAA-D9ED-411D-AEC7-DBD8998C345E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"12EA442A-A18C-4C06-A9B4-047D58E1D8E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D55BEF-AFC8-45DC-9401-5DEF374E16C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"6B9ABAA9-1C5E-4780-8917-E11D04FEE109\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B816918-6CCF-4010-AA16-7BF8A93AD7D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"3BCC1C62-2562-434E-B9C0-A8B1965B33D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FBBFDD3-A85D-43A3-AD67-D69E91C633B6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7272_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"E604A7E1-445A-43BA-B66A-14C52D150C1C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F187412-26C2-4D8C-9199-D7CCF49D6520\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7282_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"618802E0-15D6-4E17-B8F2-53C97A581C20\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26FC5683-F612-4586-8BA3-FB1F66D8868B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7302_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"381AA929-D3DE-4F3D-9B41-44EADA50C600\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F7CB05E-C4F4-481F-AFB0-9288EBE6DB62\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7302p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"CDF50F57-B35C-4BD1-B53D-CDD8073098D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2E0AC0-8BDE-49F8-B067-DB03037921DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7352_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"37B020AE-780C-4494-AB3B-7C6A3B5D79E1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1540CCD-1ED8-4B4E-AD43-7DE2689D9A21\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7402_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"D43B8F2C-EA91-4C34-93BC-D78B38DFF40C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"430C9955-0090-4166-8E90-D81C2AA7DE0D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7402p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"6277B102-C0AF-42C8-A338-34851923A267\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92EBDDBF-37C2-4D09-B744-F78169B2C1C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7452_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"490B1E09-5D20-4FAA-A9A8-74158722941F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68ACF30E-62DD-4217-B7F0-4A0FFF47E8EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7502_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"28521153-3F28-441A-BDEB-48559218B5AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49BBC687-5C3C-4843-A028-B8BE29D1E302\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7502p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"8C8FDE45-9462-411B-B96A-D78A695ED329\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"563708A3-7C51-4693-B02D-9A25A639FE42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7532_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"06A371A0-34DB-4EFD-A00F-65CF3FA35889\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EDABE45-F529-453C-92DC-BF7747CEEC0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7542_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"5FC2BAD5-4168-40B5-B827-5131D8B6F4C1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC94B03B-A7FE-47AE-969D-FFEF278A7A9B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7552_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"4994C21D-B1B0-4E3D-9BC5-80BCCBC79900\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A6C7497-1B63-490F-B8EA-D9F3CB790952\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7642_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"F423541B-B82B-44E4-B572-DEC874D1647F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EDF8A1E-B259-43D0-A56C-8C2BB688A32C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7662_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"17C13965-F2C0-4732-93BB-E0A8319B4A4E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E8C6528-9100-41D2-88A2-FFEABAB8F86A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7702_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"B3509918-AE1E-401D-9723-A3D82ED89323\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AC99346-DBF1-4060-8E6B-35D315944ADA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7702p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"9BD2520E-AEFD-4F90-BCED-2E0C177AFDC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72C86198-0BD4-42E1-974B-70A49F82C411\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7742_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"2CBEB74A-8B29-436F-A67C-BBDA21E05E80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F4A126-B4A6-480A-9DD7-7F68714DFB49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7f32_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"06E831E7-3DFF-4279-BE73-FFB09046AE2F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E25652AB-E243-4C40-BE12-AB53AF52CD61\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7f52_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"9458193B-6DFE-4BFD-8741-C99F674A0BD0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87543FB4-658A-4300-9DC9-836AC1D4BCFB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7f72_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"65A3D2FA-BF97-43AA-A535-3CD4E08522E9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B3C659-C31A-4F82-9587-9F8A943F637D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7h12_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"romepi_1.0.0.9\",\"matchCriteriaId\":\"AD4A19B7-C24C-4CF0-A32E-F190C98C8009\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89FAAD8C-6DD1-408D-849B-0CE707321B13\"}]}]}],\"references\":[{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032\",\"source\":\"psirt@amd.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T20:26:25.454Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-26403\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T20:23:12.551643Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-345\", \"description\": \"CWE-345 Insufficient Verification of Data Authenticity\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T20:24:30.407Z\"}}], \"cna\": {\"source\": {\"advisory\": \"AMD-SB-1032\", \"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"AMD\", \"product\": \"1st Gen EPYC\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \" AMD\", \"product\": \"2nd Gen EPYC\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-01-10T17:30:00.000Z\", \"references\": [{\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2023-01-11T07:01:59.843Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-26403\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T20:24:38.162Z\", \"dateReserved\": \"2021-01-29T21:24:26.169Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2023-01-10T20:56:43.160Z\", \"assignerShortName\": \"AMD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.