CVE-2021-26349

Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*

History

20 May 2022, 14:18

Type	Values Removed	Values Added
First Time		Amd epyc 7773x Amd epyc 7443 Firmware Amd epyc 7773x Firmware Amd epyc 7643 Amd epyc 72f3 Amd epyc 7713 Amd epyc 75f3 Firmware Amd epyc 75f3 Amd epyc 7453 Firmware Amd epyc 7663 Firmware Amd epyc 7643 Firmware Amd epyc 7713p Amd epyc 7413 Amd Amd epyc 73f3 Firmware Amd epyc 7313 Firmware Amd epyc 7473x Firmware Amd epyc 7573x Amd epyc 7543p Amd epyc 7313p Firmware Amd epyc 7313p Amd epyc 72f3 Firmware Amd epyc 7373x Amd epyc 7543p Firmware Amd epyc 7713p Firmware Amd epyc 7763 Firmware Amd epyc 7513 Firmware Amd epyc 7713 Firmware Amd epyc 73f3 Amd epyc 7543 Amd epyc 7413 Firmware Amd epyc 7343 Amd epyc 7443p Amd epyc 74f3 Firmware Amd epyc 7513 Amd epyc 7763 Amd epyc 7343 Firmware Amd epyc 7473x Amd epyc 7373x Firmware Amd epyc 7543 Firmware Amd epyc 7573x Firmware Amd epyc 7443p Firmware Amd epyc 7453 Amd epyc 7313 Amd epyc 74f3 Amd epyc 7663 Amd epyc 7443
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5
CPE		cpe:2.3:o:amd:epyc_7443_firmware:::::::: cpe:2.3:o:amd:epyc_7513_firmware:::::::: cpe:2.3:o:amd:epyc_7763_firmware:::::::: cpe:2.3:o:amd:epyc_74f3_firmware:::::::: cpe:2.3:h:amd:epyc_72f3:-:::::::* cpe:2.3:h:amd:epyc_7473x:-:::::::* cpe:2.3:h:amd:epyc_74f3:-:::::::* cpe:2.3:h:amd:epyc_7313:-:::::::* cpe:2.3:o:amd:epyc_7453_firmware:::::::: cpe:2.3:o:amd:epyc_75f3_firmware:::::::: cpe:2.3:o:amd:epyc_7413_firmware:::::::: cpe:2.3:h:amd:epyc_7663:-:::::::* cpe:2.3:o:amd:epyc_7373x_firmware:::::::: cpe:2.3:h:amd:epyc_7543p:-:::::::* cpe:2.3:o:amd:epyc_7313p_firmware:::::::: cpe:2.3:h:amd:epyc_7773x:-:::::::* cpe:2.3:o:amd:epyc_7773x_firmware:::::::: cpe:2.3:o:amd:epyc_7313_firmware:::::::: cpe:2.3:o:amd:epyc_7643_firmware:::::::: cpe:2.3:h:amd:epyc_7313p:-:::::::* cpe:2.3:h:amd:epyc_7543:-:::::::* cpe:2.3:o:amd:epyc_7713p_firmware:::::::: cpe:2.3:h:amd:epyc_7763:-:::::::* cpe:2.3:o:amd:epyc_73f3_firmware:::::::: cpe:2.3:h:amd:epyc_7443:-:::::::* cpe:2.3:o:amd:epyc_7543p_firmware:::::::: cpe:2.3:h:amd:epyc_7413:-:::::::* cpe:2.3:h:amd:epyc_7643:-:::::::* cpe:2.3:o:amd:epyc_72f3_firmware:::::::: cpe:2.3:o:amd:epyc_7473x_firmware:::::::: cpe:2.3:h:amd:epyc_7343:-:::::::* cpe:2.3:o:amd:epyc_7573x_firmware:::::::: cpe:2.3:h:amd:epyc_7443p:-:::::::* cpe:2.3:o:amd:epyc_7443p_firmware:::::::: cpe:2.3:o:amd:epyc_7663_firmware:::::::: cpe:2.3:h:amd:epyc_7713p:-:::::::* cpe:2.3:h:amd:epyc_7453:-:::::::* cpe:2.3:h:amd:epyc_73f3:-:::::::* cpe:2.3:o:amd:epyc_7343_firmware:::::::: cpe:2.3:o:amd:epyc_7543_firmware:::::::: cpe:2.3:h:amd:epyc_7713:-:::::::* cpe:2.3:h:amd:epyc_7373x:-:::::::* cpe:2.3:o:amd:epyc_7713_firmware:::::::: cpe:2.3:h:amd:epyc_7513:-:::::::* cpe:2.3:h:amd:epyc_7573x:-:::::::* cpe:2.3:h:amd:epyc_75f3:-:::::::*
CWE		NVD-CWE-noinfo

11 May 2022, 17:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-11 17:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-26349

Mitre link : CVE-2021-26349

CVE.ORG link : CVE-2021-26349

JSON object : View

Products Affected

amd

epyc_7713_firmware
epyc_7513_firmware
epyc_7663_firmware
epyc_7443p_firmware
epyc_7413
epyc_7313p_firmware
epyc_7763
epyc_75f3
epyc_72f3_firmware
epyc_7543p_firmware
epyc_7543p
epyc_7773x
epyc_7773x_firmware
epyc_7443
epyc_7313
epyc_7643
epyc_7453
epyc_7413_firmware
epyc_7713p_firmware
epyc_74f3_firmware
epyc_7473x
epyc_7343_firmware
epyc_74f3
epyc_7543_firmware
epyc_7763_firmware
epyc_7473x_firmware
epyc_7513
epyc_72f3
epyc_7643_firmware
epyc_7443p
epyc_7573x
epyc_7663
epyc_7543
epyc_73f3
epyc_75f3_firmware
epyc_73f3_firmware
epyc_7713p
epyc_7373x
epyc_7453_firmware
epyc_7713
epyc_7313_firmware
epyc_7373x_firmware
epyc_7443_firmware
epyc_7343
epyc_7573x_firmware
epyc_7313p

CWE

NVD-CWE-noinfo

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-26349

5.5^/10

2.1^/10

Attach tags to `CVE-2021-26349`