CVE-2021-26311: AMD Secure Encrypted Virtualization
First published: Tue May 11 2021(Updated: )
In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AMD EPYC 7232p firmware | ||
| AMD EPYC 7251 Firmware | ||
| AMD EPYC 7252 Firmware | ||
| AMD EPYC 7261 | ||
| AMD EPYC 7262 Firmware | ||
| AMD EPYC 7272 firmware | ||
| AMD EPYC Server | ||
| AMD EPYC 7282 Firmware | ||
| AMD EPYC 72F3 Firmware | ||
| AMD EPYC 7301 Firmware | ||
| AMD EPYC 7302 Firmware | ||
| AMD EPYC 7302P Firmware | ||
| AMD EPYC 7313 Firmware | ||
| AMD EPYC 7313P Firmware | ||
| AMD EPYC 7343 Firmware | ||
| AMD EPYC 7351 Firmware | ||
| AMD EPYC 7351P Firmware | ||
| AMD EPYC 7352 firmware | ||
| AMD EPYC 7371 Firmware | ||
| AMD EPYC 73F3 Firmware | ||
| AMD EPYC 7401 Firmware | ||
| AMD EPYC 7401P Firmware | ||
| AMD EPYC 7402 Firmware | ||
| AMD EPYC 7402P Firmware | ||
| AMD EPYC 7413 Firmware | ||
| AMD EPYC 7443P | ||
| AMD EPYC 7443P Firmware | ||
| AMD EPYC 7451 Firmware | ||
| AMD EPYC Server | ||
| AMD EPYC Server | ||
| AMD EPYC 74F3 Firmware | ||
| AMD EPYC Server | ||
| AMD EPYC 7502 firmware | ||
| AMD EPYC 7502P Firmware | ||
| AMD EPYC 7513 Firmware | ||
| AMD EPYC 7532 Firmware | ||
| AMD EPYC Server | ||
| AMD EPYC 7543 Firmware | ||
| AMD EPYC 7543P Firmware | ||
| AMD EPYC 7551 Firmware | ||
| AMD EPYC 7551P Firmware | ||
| AMD EPYC 7552 Firmware | ||
| AMD EPYC 75F3 Firmware | ||
| AMD EPYC 7601 Firmware | ||
| AMD EPYC 7642 Firmware | ||
| AMD EPYC 7643 Firmware | ||
| AMD EPYC 7662 Firmware | ||
| AMD EPYC 7663 Firmware | ||
| AMD EPYC Server | ||
| AMD EPYC 7702P | ||
| AMD EPYC 7713 Firmware | ||
| AMD EPYC 7713P Firmware | ||
| AMD EPYC Server | ||
| AMD EPYC 7763 Firmware | ||
| AMD EPYC 7F32 Firmware | ||
| AMD EPYC 7F52 Firmware | ||
| AMD EPYC 7F72 Firmware | ||
| AMD EPYC 7H12 Firmware | ||
| AMD EPYC Embedded 3101 | ||
| AMD EPYC Embedded 3151 | ||
| AMD EPYC Embedded 3201 | ||
| AMD EPYC Embedded 3251 | ||
| AMD EPYC Embedded 3255 | ||
| AMD EPYC Embedded 3351 Firmware | ||
| AMD EPYC Embedded 3451 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-26311.
What is the severity of CVE-2021-26311?
The severity of CVE-2021-26311 is critical with a severity score of 7.2.
Which software versions are affected by CVE-2021-26311?
The affected software versions include Amd Epyc 7232p, Amd Epyc 7251, Amd Epyc 7252, Microsoft Windows 11, and many more.
How can a malicious hypervisor exploit CVE-2021-26311?
A malicious hypervisor can exploit CVE-2021-26311 by rearranging memory in the guest address space that is not detected by the attestation mechanism, potentially leading to arbitrary code execution within the guest VM.
Where can I find more information about CVE-2021-26311?
You can find more information about CVE-2021-26311 at the following reference: [AMD Security Bulletin](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004).
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/amd
- canonical/amd epyc 7232p firmware
- canonical/amd epyc 7251 firmware
- canonical/amd epyc 7252 firmware
- canonical/amd epyc 7261
- canonical/amd epyc 7262 firmware
- canonical/amd epyc 7272 firmware
- canonical/amd epyc server
- canonical/amd epyc 7282 firmware
- canonical/amd epyc 72f3 firmware
- canonical/amd epyc 7301 firmware
- canonical/amd epyc 7302 firmware
- canonical/amd epyc 7302p firmware
- canonical/amd epyc 7313 firmware
- canonical/amd epyc 7313p firmware
- canonical/amd epyc 7343 firmware
- canonical/amd epyc 7351 firmware
- canonical/amd epyc 7351p firmware
- canonical/amd epyc 7352 firmware
- canonical/amd epyc 7371 firmware
- canonical/amd epyc 73f3 firmware
- canonical/amd epyc 7401 firmware
- canonical/amd epyc 7401p firmware
- canonical/amd epyc 7402 firmware
- canonical/amd epyc 7402p firmware
- canonical/amd epyc 7413 firmware
- canonical/amd epyc 7443p
- canonical/amd epyc 7443p firmware
- canonical/amd epyc 7451 firmware
- canonical/amd epyc 74f3 firmware
- canonical/amd epyc 7502 firmware
- canonical/amd epyc 7502p firmware
- canonical/amd epyc 7513 firmware
- canonical/amd epyc 7532 firmware
- canonical/amd epyc 7543 firmware
- canonical/amd epyc 7543p firmware
- canonical/amd epyc 7551 firmware
- canonical/amd epyc 7551p firmware
- canonical/amd epyc 7552 firmware
- canonical/amd epyc 75f3 firmware
- canonical/amd epyc 7601 firmware
- canonical/amd epyc 7642 firmware
- canonical/amd epyc 7643 firmware
- canonical/amd epyc 7662 firmware
- canonical/amd epyc 7663 firmware
- canonical/amd epyc 7702p
- canonical/amd epyc 7713 firmware
- canonical/amd epyc 7713p firmware
- canonical/amd epyc 7763 firmware
- canonical/amd epyc 7f32 firmware
- canonical/amd epyc 7f52 firmware
- canonical/amd epyc 7f72 firmware
- canonical/amd epyc 7h12 firmware
- canonical/amd epyc embedded 3101
- canonical/amd epyc embedded 3151
- canonical/amd epyc embedded 3201
- canonical/amd epyc embedded 3251
- canonical/amd epyc embedded 3255
- canonical/amd epyc embedded 3351 firmware
- canonical/amd epyc embedded 3451 firmware