CVE-2021-26406
First published: Tue May 09 2023(Updated: )
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
Credit: psirt@amd.com psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| AMD EPYC 7232p firmware | =romepi_1.0.0.a | |
| AMD EPYC 7232p firmware | ||
| All of | ||
| AMD EPYC 7252 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7252 Firmware | ||
| All of | ||
| AMD EPYC 7262 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7262 Firmware | ||
| All of | ||
| AMD EPYC 7272 firmware | =romepi_1.0.0.a | |
| AMD EPYC 7272 firmware | ||
| All of | ||
| AMD EPYC 7282 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7282 | ||
| All of | ||
| Amd Epyc Server Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7302P | ||
| All of | ||
| AMD EPYC 7302P Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7302P | ||
| All of | ||
| AMD EPYC 7352 firmware | =romepi_1.0.0.a | |
| AMD EPYC 7352 | ||
| All of | ||
| Amd Epyc Server Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7402 | ||
| All of | ||
| AMD EPYC 7402P Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7402P | ||
| All of | ||
| AMD EPYC 7452 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7452 | ||
| All of | ||
| Amd Epyc Server Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7502 | ||
| All of | ||
| AMD EPYC 7502P Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7502P | ||
| All of | ||
| AMD EPYC 7532 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7532 | ||
| All of | ||
| AMD EPYC 7542 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7542 | ||
| All of | ||
| AMD EPYC 7552 Firmware | =romepi_1.0.0.a | |
| AMD EPYC Embedded 7552 | ||
| All of | ||
| AMD EPYC 7642 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7642 Firmware | ||
| All of | ||
| AMD EPYC 7662 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7662 | ||
| All of | ||
| AMD EPYC 7702 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7702 | ||
| All of | ||
| AMD EPYC 7702 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7702p | ||
| All of | ||
| AMD EPYC 7742 firmware | =romepi_1.0.0.a | |
| AMD EPYC 7742 firmware | ||
| All of | ||
| AMD EPYC 7F32 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7F32 Firmware | ||
| All of | ||
| AMD EPYC 7F52 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7F52 | ||
| All of | ||
| AMD EPYC 7F72 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7F72 | ||
| All of | ||
| AMD EPYC 7H12 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7H12 | ||
| All of | ||
| AMD EPYC 7251 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7251 | ||
| All of | ||
| AMD EPYC 7261 Firmware | =naplespi_1.0.0.e | |
| AMD Epyc 7261 | ||
| All of | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7281 Firmware | ||
| All of | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7301 Firmware | ||
| All of | ||
| AMD EPYC 7351P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7351P Firmware | ||
| All of | ||
| AMD EPYC 7351P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7351P Firmware | ||
| All of | ||
| AMD EPYC 7371 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7371 Firmware | ||
| All of | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7401 | ||
| All of | ||
| AMD EPYC 7401P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7401P | ||
| All of | ||
| AMD EPYC 7451 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7451 Firmware | ||
| All of | ||
| AMD EPYC 7501 firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7501 | ||
| All of | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7551 Firmware | ||
| All of | ||
| AMD EPYC 7551P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7551P Firmware | ||
| All of | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7571 | ||
| All of | ||
| AMD EPYC 7601 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7601 Firmware | ||
| AMD EPYC 7232p firmware | =romepi_1.0.0.a | |
| AMD EPYC 7232p firmware | ||
| AMD EPYC 7252 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7252 Firmware | ||
| AMD EPYC 7262 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7262 Firmware | ||
| AMD EPYC 7272 firmware | =romepi_1.0.0.a | |
| AMD EPYC 7272 firmware | ||
| AMD EPYC 7282 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7282 | ||
| Amd Epyc Server Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7302P | ||
| AMD EPYC 7302P Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7302P | ||
| AMD EPYC 7352 firmware | =romepi_1.0.0.a | |
| AMD EPYC 7352 | ||
| Amd Epyc Server Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7402 | ||
| AMD EPYC 7402P Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7402P | ||
| AMD EPYC 7452 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7452 | ||
| Amd Epyc Server Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7502 | ||
| AMD EPYC 7502P Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7502P | ||
| AMD EPYC 7532 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7532 | ||
| AMD EPYC 7542 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7542 | ||
| AMD EPYC 7552 Firmware | =romepi_1.0.0.a | |
| AMD EPYC Embedded 7552 | ||
| AMD EPYC 7642 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7642 Firmware | ||
| AMD EPYC 7662 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7662 | ||
| AMD EPYC 7702 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7702 | ||
| AMD EPYC 7702 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7702p | ||
| AMD EPYC 7742 firmware | =romepi_1.0.0.a | |
| AMD EPYC 7742 firmware | ||
| AMD EPYC 7F32 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7F32 Firmware | ||
| AMD EPYC 7F52 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7F52 | ||
| AMD EPYC 7F72 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7F72 | ||
| AMD EPYC 7H12 Firmware | =romepi_1.0.0.a | |
| AMD EPYC 7H12 | ||
| AMD EPYC 7251 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7251 | ||
| AMD EPYC 7261 Firmware | =naplespi_1.0.0.e | |
| AMD Epyc 7261 | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7281 Firmware | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7301 Firmware | ||
| AMD EPYC 7351P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7351P Firmware | ||
| AMD EPYC 7351P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7351P Firmware | ||
| AMD EPYC 7371 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7371 Firmware | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7401 | ||
| AMD EPYC 7401P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7401P | ||
| AMD EPYC 7451 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7451 Firmware | ||
| AMD EPYC 7501 firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7501 | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7551 Firmware | ||
| AMD EPYC 7551P Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7551P Firmware | ||
| Amd Epyc Server Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7571 | ||
| AMD EPYC 7601 Firmware | =naplespi_1.0.0.e | |
| AMD EPYC 7601 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-26406?
CVE-2021-26406 is classified as a potential denial of service vulnerability due to host crashes caused by insufficient validation in parsing Owner's Certificate Authority (OCA) certificates.
How do I fix CVE-2021-26406?
To fix CVE-2021-26406, update the firmware to a version that addresses this vulnerability, specifically versions later than romepi_1.0.0.a.
Which systems are affected by CVE-2021-26406?
CVE-2021-26406 affects multiple Amd Epyc firmware versions specifically using romepi_1.0.0.a.
Can CVE-2021-26406 lead to data loss?
While CVE-2021-26406 primarily poses a risk of denial of service, host crashes may indirectly lead to data loss if not handled properly.
Is there a workaround for CVE-2021-26406?
Currently, the recommended approach for CVE-2021-26406 is to apply the necessary firmware updates, as no specific workaround is available.
- agent/type
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/amd
- canonical/amd epyc 7232p firmware
- version/amd epyc 7232p firmware/romepi_1.0.0.a
- canonical/amd epyc 7252 firmware
- version/amd epyc 7252 firmware/romepi_1.0.0.a
- canonical/amd epyc 7262 firmware
- version/amd epyc 7262 firmware/romepi_1.0.0.a
- canonical/amd epyc 7272 firmware
- version/amd epyc 7272 firmware/romepi_1.0.0.a
- canonical/amd epyc 7282 firmware
- version/amd epyc 7282 firmware/romepi_1.0.0.a
- canonical/amd epyc 7282
- canonical/amd epyc server firmware
- version/amd epyc server firmware/romepi_1.0.0.a
- canonical/amd epyc 7302p
- canonical/amd epyc 7302p firmware
- version/amd epyc 7302p firmware/romepi_1.0.0.a
- canonical/amd epyc 7352 firmware
- version/amd epyc 7352 firmware/romepi_1.0.0.a
- canonical/amd epyc 7352
- canonical/amd epyc 7402
- canonical/amd epyc 7402p firmware
- version/amd epyc 7402p firmware/romepi_1.0.0.a
- canonical/amd epyc 7402p
- canonical/amd epyc 7452 firmware
- version/amd epyc 7452 firmware/romepi_1.0.0.a
- canonical/amd epyc 7452
- canonical/amd epyc 7502
- canonical/amd epyc 7502p firmware
- version/amd epyc 7502p firmware/romepi_1.0.0.a
- canonical/amd epyc 7502p
- canonical/amd epyc 7532 firmware
- version/amd epyc 7532 firmware/romepi_1.0.0.a
- canonical/amd epyc 7532
- canonical/amd epyc 7542 firmware
- version/amd epyc 7542 firmware/romepi_1.0.0.a
- canonical/amd epyc 7542
- canonical/amd epyc 7552 firmware
- version/amd epyc 7552 firmware/romepi_1.0.0.a
- canonical/amd epyc embedded 7552
- canonical/amd epyc 7642 firmware
- version/amd epyc 7642 firmware/romepi_1.0.0.a
- canonical/amd epyc 7662 firmware
- version/amd epyc 7662 firmware/romepi_1.0.0.a
- canonical/amd epyc 7662
- canonical/amd epyc 7702 firmware
- version/amd epyc 7702 firmware/romepi_1.0.0.a
- canonical/amd epyc 7702
- canonical/amd epyc 7702p
- canonical/amd epyc 7742 firmware
- version/amd epyc 7742 firmware/romepi_1.0.0.a
- canonical/amd epyc 7f32 firmware
- version/amd epyc 7f32 firmware/romepi_1.0.0.a
- canonical/amd epyc 7f52 firmware
- version/amd epyc 7f52 firmware/romepi_1.0.0.a
- canonical/amd epyc 7f52
- canonical/amd epyc 7f72 firmware
- version/amd epyc 7f72 firmware/romepi_1.0.0.a
- canonical/amd epyc 7f72
- canonical/amd epyc 7h12 firmware
- version/amd epyc 7h12 firmware/romepi_1.0.0.a
- canonical/amd epyc 7h12
- canonical/amd epyc 7251 firmware
- version/amd epyc 7251 firmware/naplespi_1.0.0.e
- canonical/amd epyc 7251
- canonical/amd epyc 7261 firmware
- version/amd epyc 7261 firmware/naplespi_1.0.0.e
- canonical/amd epyc 7261
- version/amd epyc server firmware/naplespi_1.0.0.e
- canonical/amd epyc 7281 firmware
- canonical/amd epyc 7301 firmware
- canonical/amd epyc 7351p firmware
- version/amd epyc 7351p firmware/naplespi_1.0.0.e
- canonical/amd epyc 7371 firmware
- version/amd epyc 7371 firmware/naplespi_1.0.0.e
- canonical/amd epyc 7401
- canonical/amd epyc 7401p firmware
- version/amd epyc 7401p firmware/naplespi_1.0.0.e
- canonical/amd epyc 7401p
- canonical/amd epyc 7451 firmware
- version/amd epyc 7451 firmware/naplespi_1.0.0.e
- canonical/amd epyc 7501 firmware
- version/amd epyc 7501 firmware/naplespi_1.0.0.e
- canonical/amd epyc 7501
- canonical/amd epyc 7551 firmware
- canonical/amd epyc 7551p firmware
- version/amd epyc 7551p firmware/naplespi_1.0.0.e
- canonical/amd epyc 7571
- canonical/amd epyc 7601 firmware
- version/amd epyc 7601 firmware/naplespi_1.0.0.e