CVE-2021-26406

7.5 HIGH

📋 TL;DR

Insufficient validation of the Owner's Certificate Authority (OCA) certificate in AMD's Secure Encrypted Virtualization (SEV) and SEV-ES technology may allow a host crash, resulting in denial of service. It affects systems using AMD processors with SEV/SEV-ES enabled, primarily in virtualized environments.

💻 Affected Systems

Products:
  • AMD EPYC processors with SEV/SEV-ES features
Versions: Multiple generations of AMD EPYC processors with SEV/SEV-ES enabled
Operating Systems: Linux distributions with SEV/SEV-ES support, Hypervisors supporting AMD SEV
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where SEV or SEV-ES features are enabled and in use. Systems without these features enabled are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete host system crash leading to denial of service for all virtual machines running on the affected host, potentially causing extended downtime.

🟠 Likely Case: Host instability or crash when processing malformed OCA certificates, resulting in temporary denial of service for virtual machines.

🟢 If Mitigated: No impact if patches are applied or SEV features are disabled.

🌐 Internet-Facing: LOW - This vulnerability requires local access to the hypervisor or ability to submit malformed certificates to the SEV platform.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised internal accounts with hypervisor access could exploit this to cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to submit malformed OCA certificates to the SEV platform, typically requiring hypervisor-level access or compromised administrative privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AMD microcode updates and BIOS updates as specified in AMD-SB-3001 and AMD-SB-4001

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

Restart Required: Yes

Instructions:

1. Check with your hardware vendor for updated BIOS/firmware.
2. Apply AMD microcode updates.
3. Update hypervisor software if applicable.
4. Reboot the system to apply the updates.

🔧 Temporary Workarounds

Disable SEV/SEV-ES features (platform: all)

Temporarily disable AMD SEV and SEV-ES in BIOS/UEFI settings until patches are applied; note that this also removes the guest memory-encryption protection SEV provides, so treat it as a stopgap.

Steps: Enter BIOS/UEFI settings during boot and disable the SEV/SEV-ES options.

🧯 If You Can't Patch

  • Restrict hypervisor access to trusted administrators only
  • Implement strict certificate validation and monitoring for SEV certificate processing

🔍 How to Verify

Check if Vulnerable:

Check BIOS/UEFI settings for SEV/SEV-ES enabled status and verify processor microcode version against AMD advisories.

Check Version:

On Linux: grep -i microcode /proc/cpuinfo (one line per CPU; all should report the same revision). Otherwise check the BIOS/UEFI version against your hardware vendor's release notes.

Verify Fix Applied:

Verify updated microcode version is loaded and SEV features are functioning properly after applying patches.
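A Linux host check, added here as an example and not taken from the advisory or from AMD: it parses /proc/cpuinfo for the CPU family/model, the loaded microcode revision and the sev/sev_es flags, and reads the kvm_amd module's sev and sev_es parameters on the hypervisor side. FIXED_REV is a placeholder you fill in from AMD-SB-3001 for your CPU model; the cpuinfo sample embedded for self-checking is constructed, not captured from a real host.

```shell
#!/bin/sh
# Constructed /proc/cpuinfo excerpt used for self-checking; not captured from a real host.
SAMPLE_CPUINFO='cpu family      : 23
model           : 49
microcode       : 0x8301055
flags           : fpu vme sev sev_es'

# "family N model M" from cpuinfo text; the fixed microcode level is specific to these.
cpu_family_model() {
    printf '%s\n' "$1" | awk '/^cpu family/ {f=$NF} /^model[ \t]*:/ {m=$NF} END {print "family " f " model " m}'
}
# Loaded microcode revision as reported by the kernel, e.g. 0x8301055.
microcode_rev() {
    printf '%s\n' "$1" | awk '/^microcode/ {print $NF; exit}'
}
# Which SEV features the CPU advertises (Linux flag names are sev and sev_es).
sev_flags() {
    printf '%s\n' "$1" | awk '/^flags/ { out = ""
        for (i = 1; i <= NF; i++) if ($i == "sev" || $i == "sev_es") out = out (out == "" ? "" : " ") $i
        print out; exit }'
}
# True when hex revision $1 is at or above hex revision $2.
rev_at_least() {
    [ "$(printf '%d' "$1")" -ge "$(printf '%d' "$2")" ]
}
# Hypervisor side: kvm_amd exposes its sev and sev_es settings as module parameters.
kvm_sev_params() {
    for p in sev sev_es; do
        f="/sys/module/kvm_amd/parameters/$p"
        if [ -r "$f" ]; then printf '%s=%s\n' "$p" "$(cat "$f")"; else printf '%s=absent\n' "$p"; fi
    done
}

# Placeholder (assumption): the fixed revision for your CPU model, taken from AMD-SB-3001.
FIXED_REV="0xFILLME"

# Live report for this host; run as: sh check_sev.sh --live
check_host() {
    info=$(cat /proc/cpuinfo) || return 1
    echo "$(cpu_family_model "$info"), microcode $(microcode_rev "$info"), cpu flags: $(sev_flags "$info")"
    kvm_sev_params
    [ "$FIXED_REV" = "0xFILLME" ] && { echo "set FIXED_REV from the bulletin to compare revisions"; return 0; }
    rev_at_least "$(microcode_rev "$info")" "$FIXED_REV" && echo "microcode at/above fixed level" || echo "microcode BELOW fixed level"
}

if [ "${1:-}" = "--live" ]; then check_host; fi
```

The sev/sev_es parameters only say whether the hypervisor has SEV guest support switched on; the CPU flags and BIOS/UEFI setting determine whether the platform itself exposes SEV.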

📡 Detection & Monitoring

Log Indicators:

  • Hypervisor crash logs
  • SEV/SEV-ES initialization failures
  • Certificate validation errors in hypervisor logs

Network Indicators:

  • Unusual hypervisor management traffic patterns

SIEM Query:

search hypervisor logs for 'SEV', 'OCA certificate', 'validation error', or 'crash' events
