Insufficient Checks in SEV Affecting AMD Products
CVE-2021-26403

6.5MEDIUM

Key Information:

Vendor
Amd
Vendor
CVE Published:
11 January 2023

Summary

Insufficient checks within the Secure Encrypted Virtualization (SEV) framework from AMD may allow a malicious hypervisor to disclose sensitive launch secrets. This vulnerability could lead to potential compromises of virtual machine confidentiality, posing serious security risks for systems utilizing SEV technology.

Affected Version(s)

1st Gen EPYC x86 various

2nd Gen EPYC x86 various

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.