CVE-2021-26340

high-risk

Published 2021-12-10

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM).

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (20)

Epyc 7001 Firmware

Epyc 7232P Firmware

Epyc 7251 Firmware

Epyc 7261 Firmware

Epyc 7252 Firmware

Epyc 74F3 Firmware

Epyc 7501 Firmware

Epyc 7502 Firmware

Epyc 7502P Firmware

Epyc 7513 Firmware

Epyc 7532 Firmware

Epyc 7542 Firmware

Epyc 7543 Firmware

Epyc 7543P Firmware

Epyc 7551 Firmware

Epyc 7551P Firmware

Epyc 7552 Firmware

Epyc 75F3 Firmware

Epyc 7601 Firmware

Epyc 7642 Firmware

Affected Vendors

Amd

References (2)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1023

/ 100

high-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 30/34 · Critical