What is CVE-2021-26328?

CVE-2021-26328 is a vulnerability that occurs when the mode of CPU execution is not properly verified during SNP_INIT, leading to a potential loss of memory integrity for SNP guests.

Which software versions are affected by CVE-2021-26328?

The affected software versions include AMD Epyc 7003 Firmware (up to exclusive version milanpi_1.0.0.8) and AMD Epyc 72f3, 7313, 7343, 7373x, 73f3, 7413, 7443, 7443p, 7453, 74f3, 7513, 7543, 7543p, 7573x, 75f3, 7643, 7663, 7713, 7713p, 7743, 7763, and 7773x Firmware (up to exclusive version milanpi_1.0.0.8).

What is the severity of CVE-2021-26328?

CVE-2021-26328 has a severity rating of 4.4, which is considered medium.

How does CVE-2021-26328 impact system security?

CVE-2021-26328 may lead to a potential loss of memory integrity for SNP guests, which can potentially impact system security.

How can I mitigate the vulnerability CVE-2021-26328?

To mitigate CVE-2021-26328, it is recommended to update the affected software versions to a fixed version provided by the vendor.

Vulnerability/
CVE-2021-26328

medium

4.4

10/1/2023

9/4/2025

CVE-2021-26328

First published: Tue Jan 10 2023(Updated: )

Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.

Credit: psirt@amd.com

Affected Software	Affected Version	How to fix
AMD EPYC 7003 Firmware	<milanpi_1.0.0.8
AMD EPYC 7003 Firmware
AMD EPYC 72F3 Firmware	<milanpi_1.0.0.8
AMD EPYC 72F3 Firmware
AMD EPYC Firmware	<milanpi_1.0.0.8
AMD EPYC 7313 Firmware
AMD EPYC 7313P Firmware	<milanpi_1.0.0.8
AMD EPYC 7313P Firmware
Amd Epyc Server Firmware	<milanpi_1.0.0.8
AMD EPYC 7343 Firmware
AMD EPYC 7373X Firmware	<milanpi_1.0.0.8
AMD EPYC 7373X Firmware
AMD EPYC 73F3 Firmware	<milanpi_1.0.0.8
AMD EPYC 73F3 Firmware
AMD EPYC 7413 Firmware	<milanpi_1.0.0.8
AMD EPYC 7413 Firmware
AMD EPYC 7443P Firmware	<milanpi_1.0.0.8
AMD EPYC 7443P
AMD EPYC 7443P Firmware	<milanpi_1.0.0.8
AMD EPYC 7443P Firmware
Amd Epyc Server Firmware	<milanpi_1.0.0.8
AMD EPYC Server
AMD EPYC 74F3 Firmware	<milanpi_1.0.0.8
AMD EPYC 74F3 Firmware
AMD EPYC 7513 Firmware	<milanpi_1.0.0.8
AMD EPYC 7513 Firmware
Amd Epyc Server Firmware	<milanpi_1.0.0.8
AMD EPYC 7543 Firmware
AMD EPYC 7543P Firmware	<milanpi_1.0.0.8
AMD EPYC 7543P Firmware
AMD EPYC 7573X Firmware	<milanpi_1.0.0.8
AMD EPYC 7573X Firmware
AMD EPYC 75F3 Firmware	<milanpi_1.0.0.8
AMD EPYC 75F3 Firmware
AMD EPYC 7643P Firmware	<milanpi_1.0.0.8
AMD EPYC 7643 Firmware
AMD EPYC 7663 Firmware	<milanpi_1.0.0.8
AMD EPYC 7663 Firmware
AMD EPYC 7713P Firmware	<milanpi_1.0.0.8
AMD EPYC 7713 Firmware
AMD EPYC 7713P Firmware	<milanpi_1.0.0.8
AMD EPYC 7713P Firmware
AMD EPYC 7743 Firmware	<milanpi_1.0.0.8
AMD EPYC 7743 Firmware
AMD EPYC 7763 Firmware	<milanpi_1.0.0.8
AMD EPYC 7763 Firmware
AMD EPYC 7773X Firmware	<milanpi_1.0.0.8
AMD EPYC 7773X Firmware

Never miss a vulnerability like this again

Reference Links

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

Frequently Asked Questions

What is CVE-2021-26328?
CVE-2021-26328 is a vulnerability that occurs when the mode of CPU execution is not properly verified during SNP_INIT, leading to a potential loss of memory integrity for SNP guests.
Which software versions are affected by CVE-2021-26328?
The affected software versions include AMD Epyc 7003 Firmware (up to exclusive version milanpi_1.0.0.8) and AMD Epyc 72f3, 7313, 7343, 7373x, 73f3, 7413, 7443, 7443p, 7453, 74f3, 7513, 7543, 7543p, 7573x, 75f3, 7643, 7663, 7713, 7713p, 7743, 7763, and 7773x Firmware (up to exclusive version milanpi_1.0.0.8).
What is the severity of CVE-2021-26328?
CVE-2021-26328 has a severity rating of 4.4, which is considered medium.
How does CVE-2021-26328 impact system security?
CVE-2021-26328 may lead to a potential loss of memory integrity for SNP guests, which can potentially impact system security.
How can I mitigate the vulnerability CVE-2021-26328?
To mitigate CVE-2021-26328, it is recommended to update the affected software versions to a fixed version provided by the vendor.