Insufficient Checks in SEV Affecting AMD Products
CVE-2021-26403
6.5MEDIUM
Summary
Insufficient checks within the Secure Encrypted Virtualization (SEV) framework from AMD may allow a malicious hypervisor to disclose sensitive launch secrets. This vulnerability could lead to potential compromises of virtual machine confidentiality, posing serious security risks for systems utilizing SEV technology.
Affected Version(s)
1st Gen EPYC x86 various
2nd Gen EPYC x86 various
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved