#VU53293 Code Injection in AMD products - CVE-2021-26311
Published: May 17, 2021 / Updated: March 22, 2022
Vulnerability identifier: #VU53293
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-26311
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AMD EPYC Embedded Processors
3rd Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
1st Gen AMD EPYC Processors
AMD EPYC Embedded Processors
3rd Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
1st Gen AMD EPYC Processors
Software vendor:
AMD
AMD
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to the memory can be rearranged in the guest address space that is not detected by the attestation mechanism in the AMD SEV/SEV-ES feature. A remote administrator can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.