CVE-2021-26401

moderate-risk

Published 2022-03-11

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

LOCAL / HIGH complexity

Athlon X4 940 Firmware

Athlon X4 950 Firmware

Athlon X4 970 Firmware

Athlon X4 835 Firmware

Athlon X4 845 Firmware

Athlon X4 830 Firmware

Athlon X4 840 Firmware

Athlon X4 860K Firmware

Athlon X4 870K Firmware

Athlon X4 880K Firmware

Athlon X4 750 Firmware

Athlon X4 760K Firmware

Ryzen Threadripper Pro 5995Wx Firmware

Ryzen Threadripper Pro 5975Wx Firmware

Ryzen Threadripper Pro 5965Wx Firmware

Ryzen Threadripper Pro 5955Wx Firmware

Ryzen Threadripper Pro 5945Wx Firmware

Ryzen Threadripper 2990Wx Firmware

Ryzen Threadripper 2970Wx Firmware

Ryzen Threadripper 2950X Firmware

Amd

Mailing List http://www.openwall.com/lists/oss-security/2022/03/18/2

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

Mailing List http://www.openwall.com/lists/oss-security/2022/03/18/2

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036

/ 100

moderate-risk

Severity 15/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 31/34 · Critical