CVE-2021-26367

5.7 MEDIUM

📋 TL;DR

This AMD processor vulnerability allows attackers with local access to misconfigure Trusted Memory Regions (TMRs), potentially enabling arbitrary memory access that could compromise system integrity and availability. It affects AMD processors with Secure Encrypted Virtualization (SEV) enabled, primarily impacting cloud and virtualized environments.

💻 Affected Systems

Products:
  • AMD EPYC processors
  • AMD Ryzen processors with SEV support
Versions: Processors with SEV/SEV-ES/SEV-SNP features
Operating Systems: Linux with SEV support enabled, Virtualization platforms using AMD SEV
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Secure Encrypted Virtualization (SEV) features are enabled and configured. Standard desktop configurations without virtualization are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to bypass memory isolation, potentially leading to data theft, privilege escalation, or denial of service across virtual machines.

🟠 Likely Case

Local privilege escalation within virtualized environments, potentially allowing attackers to escape VM isolation and access host system resources.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, potentially only affecting availability of specific virtualized workloads.

🌐 Internet-Facing: LOW - Requires local access to the vulnerable system, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Affects virtualized environments where attackers could gain local access through compromised VMs or insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and detailed knowledge of AMD SEV architecture. No public exploits have been documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AMD AGESA firmware updates (specific versions vary by processor family)

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html

Restart Required: Yes

Instructions:

1. Check the AMD advisory for the specific AGESA version for your processor.
2. Update the system BIOS/UEFI firmware from the motherboard or system vendor.
3. Reboot the system to apply the firmware update.
4. Verify that SEV functionality remains operational.

🔧 Temporary Workarounds

Disable SEV features (Linux)

Temporarily disable Secure Encrypted Virtualization features until the firmware can be updated:

  echo 0 > /sys/module/kvm_amd/parameters/sev
  systemctl restart libvirtd

Note: on most kernels the kvm_amd sev parameter is read-only once the module is loaded, so the write above may be refused; the persistent equivalent is an `options kvm_amd sev=0` line in /etc/modprobe.d followed by a module reload or reboot.

🧯 If You Can't Patch

  • Implement strict access controls to limit local access to virtualized systems
  • Monitor for unusual memory access patterns and virtualization layer anomalies

🔍 How to Verify

Check if Vulnerable:

Check whether SEV is enabled: `cat /sys/module/kvm_amd/parameters/sev` returns 1, and check the processor microcode version.

Check Version:

  dmesg | grep -i microcode

or:

  cat /proc/cpuinfo | grep -i microcode

Verify Fix Applied:

Verify that the installed AGESA firmware version matches the patched version listed in the AMD advisory, and confirm that SEV functionality still works.
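The three verification checks above, combined into one read-only host check. This is an added example, not a script from AMD or from this page; it assumes a Linux host with the sysfs and /proc paths the page names, and it normalises the kvm_amd sev parameter, which prints 1/0 on older kernels and Y/N on newer ones.

```shell
#!/bin/sh
# Added verification helper, not from the AMD bulletin or this page's author.
# It gathers the facts the "How to Verify" steps ask for on a Linux host
# (kvm_amd sev parameter, CPU feature flags, microcode revision); read-only.
# kvm_amd's sev parameter prints 1/0 on older kernels and Y/N on newer ones,
# so normalise it. Optional argument: a file to read instead of the sysfs path.
sev_param_state() {
    p="${1:-/sys/module/kvm_amd/parameters/sev}"
    [ -r "$p" ] || { echo "absent"; return 0; }
    case "$(tr -d '[:space:]' < "$p")" in
        1|Y|y) echo "enabled" ;;
        0|N|n) echo "disabled" ;;
        *)     echo "unknown" ;;
    esac
}

# SEV feature flags (sev, sev_es, sev_snp) from /proc/cpuinfo text on stdin.
sev_cpu_flags() {
    awk '/^flags/ { out = ""
        for (i = 3; i <= NF; i++)
            if ($i == "sev" || $i == "sev_es" || $i == "sev_snp")
                out = out (out == "" ? "" : " ") $i
        print out; exit }'
}

# Microcode revision from /proc/cpuinfo text on stdin (the page's grep, parsed).
microcode_rev() {
    awk -F: '/^microcode/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Verdict: SEV is only reachable from a guest when the CPU advertises it AND
# kvm_amd has it on. Arguments: cpuinfo file, sev parameter file.
sev_exposure() {
    flags="$(sev_cpu_flags < "$1")"
    state="$(sev_param_state "$2")"
    if [ -n "$flags" ] && [ "$state" = "enabled" ]; then
        echo "exposed ($flags; microcode $(microcode_rev < "$1"))"
    else
        echo "not-exposed (flags='$flags', kvm_amd sev=$state)"
    fi
}

# With --run, inspect the live host; otherwise demonstrate on a constructed
# cpuinfo excerpt (the microcode value is made up, not a real revision).
if [ "${1:-}" = "--run" ]; then
    sev_exposure /proc/cpuinfo /sys/module/kvm_amd/parameters/sev
else
    t=$(mktemp) && printf 'flags\t\t: fpu sev sev_es\nmicrocode\t: 0xdeadbeef\n' > "$t"
    sev_exposure "$t" /nonexistent/sev; rm -f "$t"
fi
```

An "exposed" verdict means the host should be checked against the AGESA version in the advisory; "not-exposed" means a guest cannot reach SEV on this host as configured.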

📡 Detection & Monitoring

Log Indicators:

  • Unusual TMR configuration attempts in hypervisor logs
  • SEV initialization failures or anomalies

Network Indicators:

  • Not network exploitable - focus on host system monitoring

SIEM Query:

source="hypervisor" AND ("TMR" OR "SEV" OR "memory_region") AND ("configuration" OR "modification")

🔗 References