5.5
CVE-2021-26327
- EPSS 0.06%
- Veröffentlicht 16.11.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 05:56:06
- Quelle psirt@amd.com
- Teams Watchlist Login
- Unerledigt Login
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amd ≫ Epyc 7003 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 72f3 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7313 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7313p Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7343 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 73f3 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7413 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7443 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7443p Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7453 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 74f3 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7513 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7543 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7543p Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 75f3 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7643 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7663 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7713 Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7713p Firmware Version < milanpi-sp3_1.0.0.4
Amd ≫ Epyc 7763 Firmware Version < milanpi-sp3_1.0.0.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.188 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.