CVE-2021-26332

7.1 HIGH

📋 TL;DR

This AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) firmware vulnerability allows attackers to compromise the integrity or availability of virtual machines by exploiting improper memory region validation. It affects systems using AMD EPYC processors with SEV-ES enabled. The vulnerability could allow attackers to bypass security boundaries in virtualized environments.

💻 Affected Systems

Products:
  • AMD EPYC Processors
Versions: Specific firmware versions as detailed in AMD advisory
Operating Systems: Any OS running on affected AMD processors with SEV-ES enabled
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SEV-ES feature enabled. Requires AMD EPYC processors with specific firmware versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of SEV-ES protected virtual machines, allowing attackers to bypass memory encryption protections and potentially gain unauthorized access to sensitive data or disrupt VM operations.

🟠 Likely Case

Denial of service affecting SEV-ES protected virtual machines, potentially causing VM crashes or instability in virtualized environments.

🟢 If Mitigated

Minimal impact if SEV-ES is disabled or systems are not using affected AMD processors in virtualized configurations.

🌐 Internet-Facing: LOW - This vulnerability requires local access to the hypervisor layer and affects firmware-level protections rather than network-facing services.
🏢 Internal Only: MEDIUM - While requiring local hypervisor access, the impact on virtualized infrastructure could be significant for organizations using affected AMD processors with SEV-ES enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local hypervisor access and knowledge of SEV-ES firmware internals. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates as specified in AMD-SB-1021

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Restart Required: Yes

Instructions:

1. Check AMD advisory for specific affected firmware versions.
2. Download updated firmware from AMD or system vendor.
3. Apply firmware update following vendor-specific procedures.
4. Reboot system to activate new firmware.

🔧 Temporary Workarounds

Disable SEV-ES

all

Temporarily disable SEV-ES feature to mitigate vulnerability until firmware can be updated

Check BIOS/UEFI settings for SEV-ES option and disable

🧯 If You Can't Patch

  • Isolate affected systems from critical workloads
  • Implement strict access controls to hypervisor management interfaces

🔍 How to Verify

Check if Vulnerable:

Check system firmware version against affected versions listed in AMD-SB-1021 advisory

Check Version:

dmidecode -t bios (Linux) or wmic bios get smbiosbiosversion (Windows)

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in AMD advisory
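
The checks above can be combined into one triage line per host. This is an added example, not part of the AMD advisory: it assumes a Linux KVM host where the kvm_amd module reports SEV-ES state in /sys/module/kvm_amd/parameters/sev_es, and the status labels are hypothetical. It does not decide whether a version is patched; that comparison is made against AMD-SB-1021.

```shell
#!/bin/sh
# Added example: host triage for CVE-2021-26332 on a Linux KVM host.
# Assumption: kvm_amd exposes SEV-ES state in this file (Y or 1 = enabled).
SEV_ES_PARAM="${SEV_ES_PARAM:-/sys/module/kvm_amd/parameters/sev_es}"

# Extract the BIOS version from `dmidecode -t bios` output read on stdin.
bios_version() {
    sed -n 's/^[[:space:]]*Version:[[:space:]]*//p' | head -n 1
}

# Print enabled, disabled, or absent (module not loaded or not a KVM host).
# $1 = optional path to the parameter file.
sev_es_state() {
    param="${1:-$SEV_ES_PARAM}"
    [ -r "$param" ] || { echo absent; return 0; }
    case "$(cat "$param")" in
        Y|y|1) echo enabled ;;
        *)     echo disabled ;;
    esac
}

# Combine both facts into one line suitable for log collection.
# $1 = dmidecode output text, $2 = optional parameter file path.
triage() {
    version="$(printf '%s\n' "$1" | bios_version)"
    state="$(sev_es_state "${2:-}")"
    case "$state" in
        enabled)  status=review ;;      # SEV-ES on: compare firmware with AMD-SB-1021
        disabled) status=sev-es-off ;;  # matches the workaround described above
        *)        status=unknown ;;     # state could not be read on this host
    esac
    echo "status=$status sev-es=$state bios=${version:-unknown}"
}

# Run against the live host only when asked (dmidecode needs root).
if [ "${1:-}" = "--run" ]; then
    triage "$(dmidecode -t bios)"
fi
```
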

📡 Detection & Monitoring

Log Indicators:

  • Hypervisor logs showing SEV-ES errors or unexpected memory access patterns
  • System logs showing firmware-related crashes

Network Indicators:

  • No network-based indicators as this is a local firmware vulnerability

SIEM Query:

Search for firmware update events or hypervisor access logs related to AMD SEV-ES systems
