CVE Vulnerability

CVE-2021-26342

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

3.3 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2022-05-11 05:15

Updated : 2022-05-19 08:05

NVD link : CVE-2021-26342

Mitre link : CVE-2021-26342

Products Affected

Amd

Epyc 7401p

CWE
NVD-CWE-noinfo