CVE-2021-26311: AMD Secure Encrypted Virtualization
First published: Tue May 11 2021(Updated: )
In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AMD EPYC 7232p firmware | ||
| AMD EPYC 7251 | ||
| AMD EPYC 7252 Firmware | ||
| AMD Epyc 7261 | ||
| AMD EPYC 7262 Firmware | ||
| AMD EPYC 7272 firmware | ||
| AMD EPYC 7281 Firmware | ||
| AMD EPYC 7282 | ||
| AMD EPYC 72F3 Firmware | ||
| AMD EPYC 7301 Firmware | ||
| AMD EPYC 7302P | ||
| AMD EPYC 7302P | ||
| AMD EPYC 7313P | ||
| AMD EPYC 7313P | ||
| AMD EPYC 7343 | ||
| AMD EPYC 7351P Firmware | ||
| AMD EPYC 7351P Firmware | ||
| AMD EPYC 7352 | ||
| AMD EPYC 7371 Firmware | ||
| AMD EPYC 73F3 | ||
| AMD EPYC 7401 | ||
| AMD EPYC 7401P | ||
| AMD EPYC 7402 | ||
| AMD EPYC 7402P | ||
| AMD EPYC 7413 Firmware | ||
| AMD EPYC 7443 | ||
| AMD EPYC 7443P | ||
| AMD EPYC 7451 Firmware | ||
| AMD EPYC 7452 | ||
| AMD EPYC 7453 | ||
| AMD EPYC 74F3 | ||
| AMD EPYC 7501 | ||
| AMD EPYC 7502 | ||
| AMD EPYC 7502P | ||
| AMD EPYC 7513 | ||
| AMD EPYC 7532 | ||
| AMD EPYC 7542 | ||
| AMD EPYC 7543 Firmware | ||
| AMD EPYC 7543P Firmware | ||
| AMD EPYC 7551 Firmware | ||
| AMD EPYC 7551P Firmware | ||
| AMD EPYC Embedded 7552 | ||
| AMD EPYC 75F3 | ||
| AMD EPYC 7601 Firmware | ||
| AMD EPYC 7642 Firmware | ||
| AMD EPYC 7643 | ||
| AMD EPYC 7662 | ||
| AMD EPYC 7663 Firmware | ||
| AMD EPYC 7702 | ||
| AMD EPYC 7702p | ||
| AMD EPYC 7713 | ||
| AMD EPYC 7713P Firmware | ||
| AMD EPYC 7742 firmware | ||
| AMD EPYC 7763 Firmware | ||
| AMD EPYC 7F32 Firmware | ||
| AMD EPYC 7F52 | ||
| AMD EPYC 7F72 | ||
| AMD EPYC 7H12 | ||
| AMD EPYC Embedded 3101 | ||
| AMD EPYC Embedded 3151 | ||
| AMD EPYC Embedded 3201 | ||
| AMD EPYC Embedded 3251 | ||
| AMD EPYC Embedded 3255 | ||
| AMD EPYC Embedded 3351 Firmware | ||
| AMD EPYC Embedded 3451 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-26311.
What is the severity of CVE-2021-26311?
The severity of CVE-2021-26311 is critical with a severity score of 7.2.
Which software versions are affected by CVE-2021-26311?
The affected software versions include Amd Epyc 7232p, Amd Epyc 7251, Amd Epyc 7252, Microsoft Windows 11, and many more.
How can a malicious hypervisor exploit CVE-2021-26311?
A malicious hypervisor can exploit CVE-2021-26311 by rearranging memory in the guest address space that is not detected by the attestation mechanism, potentially leading to arbitrary code execution within the guest VM.
Where can I find more information about CVE-2021-26311?
You can find more information about CVE-2021-26311 at the following reference: [AMD Security Bulletin](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004).
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/amd
- canonical/amd epyc 7232p firmware
- canonical/amd epyc 7251
- canonical/amd epyc 7252 firmware
- canonical/amd epyc 7261
- canonical/amd epyc 7262 firmware
- canonical/amd epyc 7272 firmware
- canonical/amd epyc 7281 firmware
- canonical/amd epyc 7282
- canonical/amd epyc 72f3 firmware
- canonical/amd epyc 7301 firmware
- canonical/amd epyc 7302p
- canonical/amd epyc 7313p
- canonical/amd epyc 7343
- canonical/amd epyc 7351p firmware
- canonical/amd epyc 7352
- canonical/amd epyc 7371 firmware
- canonical/amd epyc 73f3
- canonical/amd epyc 7401
- canonical/amd epyc 7401p
- canonical/amd epyc 7402
- canonical/amd epyc 7402p
- canonical/amd epyc 7413 firmware
- canonical/amd epyc 7443
- canonical/amd epyc 7443p
- canonical/amd epyc 7451 firmware
- canonical/amd epyc 7452
- canonical/amd epyc 7453
- canonical/amd epyc 74f3
- canonical/amd epyc 7501
- canonical/amd epyc 7502
- canonical/amd epyc 7502p
- canonical/amd epyc 7513
- canonical/amd epyc 7532
- canonical/amd epyc 7542
- canonical/amd epyc 7543 firmware
- canonical/amd epyc 7543p firmware
- canonical/amd epyc 7551 firmware
- canonical/amd epyc 7551p firmware
- canonical/amd epyc embedded 7552
- canonical/amd epyc 75f3
- canonical/amd epyc 7601 firmware
- canonical/amd epyc 7642 firmware
- canonical/amd epyc 7643
- canonical/amd epyc 7662
- canonical/amd epyc 7663 firmware
- canonical/amd epyc 7702
- canonical/amd epyc 7702p
- canonical/amd epyc 7713
- canonical/amd epyc 7713p firmware
- canonical/amd epyc 7742 firmware
- canonical/amd epyc 7763 firmware
- canonical/amd epyc 7f32 firmware
- canonical/amd epyc 7f52
- canonical/amd epyc 7f72
- canonical/amd epyc 7h12
- canonical/amd epyc embedded 3101
- canonical/amd epyc embedded 3151
- canonical/amd epyc embedded 3201
- canonical/amd epyc embedded 3251
- canonical/amd epyc embedded 3255
- canonical/amd epyc embedded 3351 firmware
- canonical/amd epyc embedded 3451 firmware