What is CVE-2021-26349?

CVE-2021-26349 is a vulnerability that occurs when a new report ID is not assigned to an imported guest, potentially allowing a dishonest Migration Agent (MA) to trick an SEV-SNP guest VM into trusting them.

How does CVE-2021-26349 affect Amd Epyc 7763 Firmware?

Amd Epyc 7763 Firmware with version milanpi-sp3_1.0.0.7 is affected by CVE-2021-26349.

How does CVE-2021-26349 affect Amd Epyc 7713p Firmware?

Amd Epyc 7713p Firmware with version milanpi-sp3_1.0.0.7 is affected by CVE-2021-26349.

What is the severity of CVE-2021-26349?

CVE-2021-26349 has a severity rating of 5.5 (medium).

Where can I find more information about CVE-2021-26349?

More information about CVE-2021-26349 can be found on the AMD Product Security Bulletin page at https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028.

Vulnerability/
CVE-2021-26349

medium

5.5

10/5/2022

3/8/2024

CVE-2021-26349

First published: Tue May 10 2022(Updated: )

Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).

Credit: psirt@amd.com

Affected Software	Affected Version	How to fix
AMD EPYC 7763 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7763 Firmware
AMD EPYC 7713P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7713P Firmware
AMD EPYC 7713P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7713 Firmware
AMD EPYC 7663 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7663 Firmware
AMD EPYC 7643P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7643 Firmware
AMD EPYC 75F3 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 75F3 Firmware
AMD EPYC 7543P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7543P Firmware
Amd Epyc Server Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7543 Firmware
AMD EPYC 7513 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7513 Firmware
Amd Epyc Server Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7453
AMD EPYC 74F3 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 74F3 Firmware
AMD EPYC 7443P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7443P Firmware
AMD EPYC 7443P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7443P
AMD EPYC 7413 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7413 Firmware
AMD EPYC 73F3 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 73F3 Firmware
Amd Epyc Server Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7343 Firmware
AMD EPYC 7313P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7313P Firmware
AMD EPYC 7313P Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7313 Firmware
AMD EPYC 72F3 Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 72F3 Firmware
AMD EPYC 7773X Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7773X Firmware
AMD EPYC 7473X Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7473X Firmware
AMD EPYC 7573X Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7573X Firmware
AMD EPYC 7373X Firmware	<milanpi-sp3_1.0.0.7
AMD EPYC 7373X Firmware

Never miss a vulnerability like this again

Reference Links

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Frequently Asked Questions

What is CVE-2021-26349?
CVE-2021-26349 is a vulnerability that occurs when a new report ID is not assigned to an imported guest, potentially allowing a dishonest Migration Agent (MA) to trick an SEV-SNP guest VM into trusting them.
How does CVE-2021-26349 affect Amd Epyc 7763 Firmware?
Amd Epyc 7763 Firmware with version milanpi-sp3_1.0.0.7 is affected by CVE-2021-26349.
How does CVE-2021-26349 affect Amd Epyc 7713p Firmware?
Amd Epyc 7713p Firmware with version milanpi-sp3_1.0.0.7 is affected by CVE-2021-26349.
What is the severity of CVE-2021-26349?
CVE-2021-26349 has a severity rating of 5.5 (medium).
Where can I find more information about CVE-2021-26349?
More information about CVE-2021-26349 can be found on the AMD Product Security Bulletin page at https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028.