First published: Tue May 10 2022(Updated: )
Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
Credit: psirt@amd.com
Affected Software | Affected Version | How to fix |
---|---|---|
Amd Epyc 7763 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7763 | ||
Amd Epyc 7713p Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7713p | ||
Amd Epyc 7713 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7713 | ||
Amd Epyc 7663 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7663 | ||
Amd Epyc 7643 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7643 | ||
Amd Epyc 75f3 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 75f3 | ||
Amd Epyc 7543p Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7543p | ||
Amd Epyc 7543 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7543 | ||
Amd Epyc 7513 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7513 | ||
Amd Epyc 7453 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7453 | ||
Amd Epyc 74f3 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 74f3 | ||
Amd Epyc 7443p Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7443p | ||
Amd Epyc 7443 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7443 | ||
Amd Epyc 7413 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7413 | ||
Amd Epyc 73f3 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 73f3 | ||
Amd Epyc 7343 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7343 | ||
Amd Epyc 7313p Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7313p | ||
Amd Epyc 7313 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7313 | ||
Amd Epyc 72f3 Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 72f3 | ||
Amd Epyc 7773x Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7773x | ||
Amd Epyc 7473x Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7473x | ||
Amd Epyc 7573x Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7573x | ||
Amd Epyc 7373x Firmware | <milanpi-sp3_1.0.0.7 | |
Amd Epyc 7373x |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-26349 is a vulnerability that occurs when a new report ID is not assigned to an imported guest, potentially allowing a dishonest Migration Agent (MA) to trick an SEV-SNP guest VM into trusting them.
Amd Epyc 7763 Firmware with version milanpi-sp3_1.0.0.7 is affected by CVE-2021-26349.
Amd Epyc 7713p Firmware with version milanpi-sp3_1.0.0.7 is affected by CVE-2021-26349.
CVE-2021-26349 has a severity rating of 5.5 (medium).
More information about CVE-2021-26349 can be found on the AMD Product Security Bulletin page at https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028.