CVE Vulnerabilities

CVE-2021-26396

Insufficient Verification of Data Authenticity

Published: Jan 11, 2023 | Modified: Nov 07, 2023
CVSS 3.x
4.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Epyc_7003_firmware Amd * milanpi-sp3_1.0.0.9 (excluding)

References