Skip to main content

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 16, 2021 - 19:15 nvd
MEDIUM 5.5

DescriptionNVD

Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.

AnalysisAI

Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. Affected products include: Amd Epyc 7232P Firmware, Amd Epyc 7763 Firmware, Amd Epyc 7713P Firmware, Amd Epyc 7713 Firmware, Amd Epyc 7663 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-20520 CRITICAL
9.8 May 09

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-b

CVE-2023-20593 MEDIUM POC
5.5 Jul 24

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access s

CVE-2021-26340 HIGH
8.4 Dec 10

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl

CVE-2021-26335 HIGH
7.8 Nov 16

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to us

CVE-2021-26331 HIGH
7.8 Nov 16

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox ent

CVE-2021-26323 HIGH
7.8 Nov 16

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. Rated high se

CVE-2021-26326 HIGH
7.8 Nov 16

Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. Rated high severity (CVSS 7.8)

CVE-2023-20533 HIGH
7.5 Nov 14

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva

CVE-2023-20524 HIGH
7.5 May 09

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out

CVE-2023-20531 HIGH
7.5 Jan 11

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value

CVE-2023-20529 HIGH
7.5 Jan 11

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value poten

CVE-2021-26338 HIGH
7.5 Nov 16

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control table

Share

CVE-2021-26325 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy