What is CVE-2021-26340?

CVE-2021-26340 is a high-severity vulnerability in Amd Epyc™. CVSS score: 8.4/10. Published 2021-12-10.

How severe is CVE-2021-26340?

High severity. CVSS v3 base score is 8.4 out of 10.

Vulnerability in Amd Epyc™

CVE-2021-26340

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM).

EPSS: 0.002 (14.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N.

Affected products

Amd Epyc™ — versions Processor
Amd Epyc_7001
Amd Epyc_7001_firmware
Amd Epyc_7232p
Amd Epyc_7232p_firmware
Amd Epyc_7251
Amd Epyc_7251_firmware
Amd Epyc_7252
Amd Epyc_7252_firmware
Amd Epyc_7261

References

psirt@amd.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-26340?: CVE-2021-26340 is a high-severity vulnerability in Amd Epyc™. CVSS score: 8.4/10. Published 2021-12-10.
How severe is CVE-2021-26340?: High severity. CVSS v3 base score is 8.4 out of 10.