What is the severity of CVE-2021-26318?

CVE-2021-26318 has been classified with a high severity due to its potential to leak sensitive kernel address space information.

How do I fix CVE-2021-26318?

To mitigate CVE-2021-26318, users should apply the latest firmware updates provided by AMD for their affected CPUs.

Which AMD CPUs are affected by CVE-2021-26318?

CVE-2021-26318 affects specific AMD firmware versions, particularly those associated with AMD Athlon, Athlon Pro, EPYC, and Ryzen.

How does CVE-2021-26318 exploit kernel address space?

CVE-2021-26318 exploits a timing and power-based side channel through x86 PREFETCH instructions, enabling potential information leakage.

Is there a workaround for CVE-2021-26318?

Currently, the recommended workaround for CVE-2021-26318 is to ensure that all affected systems are promptly updated to the latest firmware versions.

Vulnerability/
CVE-2021-26318

medium

4.7

CWE

203 208

13/10/2021

16/9/2024

CVE-2021-26318: Side-channels Related to the x86 PREFETCH Instruction

First published: Wed Oct 13 2021(Updated: )

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.

Credit: psirt@amd.com

Affected Software	Affected Version	How to fix
Amd Athlon Firmware
AMD Athlon
Amd Athlon Pro Firmware
AMD Athlon Pro
Amd Epyc Firmware
AMD EPYC
Amd Ryzen Firmware
AMD CPUs
Amd Ryzen Pro Firmware
Amd Ryzen Pro

Never miss a vulnerability like this again

Reference Links

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017

Frequently Asked Questions

What is the severity of CVE-2021-26318?
CVE-2021-26318 has been classified with a high severity due to its potential to leak sensitive kernel address space information.
How do I fix CVE-2021-26318?
To mitigate CVE-2021-26318, users should apply the latest firmware updates provided by AMD for their affected CPUs.
Which AMD CPUs are affected by CVE-2021-26318?
CVE-2021-26318 affects specific AMD firmware versions, particularly those associated with AMD Athlon, Athlon Pro, EPYC, and Ryzen.
How does CVE-2021-26318 exploit kernel address space?
CVE-2021-26318 exploits a timing and power-based side channel through x86 PREFETCH instructions, enabling potential information leakage.
Is there a workaround for CVE-2021-26318?
Currently, the recommended workaround for CVE-2021-26318 is to ensure that all affected systems are promptly updated to the latest firmware versions.

agent/softwarecombine
agent/weakness
agent/title
agent/author
agent/references
agent/severity
agent/type
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/amd
canonical/amd athlon firmware
canonical/amd athlon
canonical/amd athlon pro firmware
canonical/amd athlon pro
canonical/amd epyc firmware
canonical/amd epyc
canonical/amd ryzen firmware
canonical/amd cpus
canonical/amd ryzen pro firmware
canonical/amd ryzen pro

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.