Security Flaw in AMD's Platform Private Key Management
CVE-2021-26322

7.5HIGH

Key Information:

Vendor: Amd
Status: 1st Gen Amd Epyc™; 2nd Gen Amd Epyc™; 3rd Gen Amd Epyc™
Vendor: CVE Published:; 16 November 2021

Summary

A security vulnerability in AMD's Platform Private Key Management could expose the persistent private key due to inadequate protection by a non-random initialization vector (IV). This flaw may allow attackers to perform a two time pad attack, potentially compromising the confidentiality of sensitive data. It is essential for users of this product to be aware of this issue and apply the necessary security measures outlined in the vendor's advisory.

Affected Version(s)

1st Gen AMD EPYC™ < unspecified

2nd Gen AMD EPYC™ < unspecified

3rd Gen AMD EPYC™ < unspecified

References

https://www.amd.com/en/corporate/product-security/bulleti...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2021
Vulnerability Reserved
Jan 29, 2021