CVE-2021-26339

moderate-risk

Published 2022-05-11

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Epyc 7763 Firmware

Epyc 7713P Firmware

Epyc 7713 Firmware

Epyc 7663 Firmware

Epyc 7643 Firmware

Epyc 75F3 Firmware

Epyc 7543P Firmware

Epyc 7543 Firmware

Epyc 7513 Firmware

Epyc 7453 Firmware

Epyc 74F3 Firmware

Epyc 7443P Firmware

Epyc 7443 Firmware

Epyc 7413 Firmware

Epyc 73F3 Firmware

Epyc 7343 Firmware

Epyc 7313P Firmware

Epyc 7313 Firmware

Epyc 72F3 Firmware

Epyc 7773X Firmware

Affected Vendors

Amd

References (4)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 29/34 · Critical