CVE-2021-26396
Severity CVSS v4.0:
Pending analysis
Type:
CWE-345
Insufficient Verification of Data Authenticity
Publication date:
11/01/2023
Last modified:
09/04/2025
Description
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.<br />
<br />
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) | |
| cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) | |
| cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) | |
| cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) | |
| cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) | |
| cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) | |
| cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) | |
| cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.9 (excluding) |
To consult the complete list of CPE names with products and versions, see this page