What is CVE-2021-26311?

CVE-2021-26311 is a high-severity vulnerability in Amd Epyc_7232p, classified under Command Injection. CVSS score: 7.2/10. Published 2021-05-13.

How severe is CVE-2021-26311?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Amd Epyc_7232p

CVE-2021-26311

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the g…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.017 (74.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Amd Epyc_7232p
Amd Epyc_7251
Amd Epyc_7252
Amd Epyc_7261
Amd Epyc_7262
Amd Epyc_7272
Amd Epyc_7281
Amd Epyc_7282
Amd Epyc_72f3
Amd Epyc_7301

Weakness classification (CWE)

CWE-77 — Command Injection

References

psirt@amd.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-26311?: CVE-2021-26311 is a high-severity vulnerability in Amd Epyc_7232p, classified under Command Injection. CVSS score: 7.2/10. Published 2021-05-13.
How severe is CVE-2021-26311?: High severity. CVSS v3 base score is 7.2 out of 10.