Insufficient Validation in AMD Secure Encrypted Virtualization Products
CVE-2021-26406

7.5HIGH

Key Information:

Vendor

Amd
Status
Ryzen™ 2000 Series Desktop Processors “raven Ridge” Am4
Ryzen™ 2000 Series Desktop Processors “pinnacle Ridge”
Ryzen™ 3000 Series Desktop Processors “matisse” Am4
Amd Ryzen™ 5000 Series Desktop Processors “vermeer” Am4
Vendor
CVE Published:
9 May 2023

What is CVE-2021-26406?

This vulnerability arises from insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in AMD Secure Encrypted Virtualization (SEV) systems. It poses a risk of host crashes that may lead to denial-of-service conditions, affecting the stability and reliability of applications relying on these technologies. Ensuring proper validation of these certificates is essential to mitigate potential disruptions and safeguard system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

1st Gen AMD EPYC™ Processors x86 various

2nd Gen AMD EPYC™ Processors x86 various

2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.