CVE-2021-26342 [Low] | Security Vulnerability in Epyc 7763 Firmware

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	0.04%	0.06%	+0.01%
2	2025-03-29	0.06%	0.04%	-0.01%
3	2025-03-17	—	0.06%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-30

0.04%

0.06%

+0.01%

2025-03-29

0.06%

0.04%

-0.01%

2025-03-17

—

0.06%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
3.3	3.1	LOW	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	1.8	1.4	[email protected]
2.1	2.0	LOW	`AV:L/AC:L/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	3.9	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

3.3

3.1

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

1.8

1.4

[email protected]

2.1

2.0

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

3.9

2.9

[email protected]

OS Trackers for CVE-2021-26342

vendor	priority	summary	link
`suse`	medium	CVE-2021-26342 severity moderate: SUSE including 436 source package names (kernel-firmware, kernel-firmware-20170530-21.34.1, …), 756 product×package rows across 60 product lines (Container rancher/elemental-teal-rt/5.3, Container rancher/elemental-teal-rt/5.4, … (60 product lines)): Fixed 755, Known Not Affected 1.	https://www.suse.com/security/cve/CVE-2021-26342/

Affected software / configurations for CVE-2021-26342

Vendor	Product	Version	Raw CPE
amd	epyc_7763_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7763_firmware::::::::
amd	epyc_7713p_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7713p_firmware::::::::
amd	epyc_7713_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7713_firmware::::::::
amd	epyc_7663_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7663_firmware::::::::
amd	epyc_7643_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7643_firmware::::::::
amd	epyc_75f3_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_75f3_firmware::::::::
amd	epyc_7543p_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7543p_firmware::::::::
amd	epyc_7543_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7543_firmware::::::::
amd	epyc_7513_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7513_firmware::::::::
amd	epyc_7453_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7453_firmware::::::::
amd	epyc_74f3_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_74f3_firmware::::::::
amd	epyc_7443p_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7443p_firmware::::::::
amd	epyc_7443_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7443_firmware::::::::
amd	epyc_7413_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7413_firmware::::::::
amd	epyc_73f3_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_73f3_firmware::::::::
amd	epyc_7343_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7343_firmware::::::::
amd	epyc_7313p_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7313p_firmware::::::::
amd	epyc_7313_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7313_firmware::::::::
amd	epyc_72f3_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_72f3_firmware::::::::
amd	epyc_7773x_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7773x_firmware::::::::
amd	epyc_7473x_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7473x_firmware::::::::
amd	epyc_7573x_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7573x_firmware::::::::
amd	epyc_7373x_firmware	< milanpi-sp3_1.0.0.7	cpe:2.3:o:amd:epyc_7373x_firmware::::::::
amd	epyc_7001_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7001_firmware::::::::
amd	epyc_7251_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7251_firmware::::::::
amd	epyc_7261_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7261_firmware::::::::
amd	epyc_7281_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7281_firmware::::::::
amd	epyc_7301_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7301_firmware::::::::
amd	epyc_7351_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7351_firmware::::::::
amd	epyc_7351p_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7351p_firmware::::::::
amd	epyc_7371_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7371_firmware::::::::
amd	epyc_7401_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7401_firmware::::::::
amd	epyc_7401p_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7401p_firmware::::::::
amd	epyc_7451_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7451_firmware::::::::
amd	epyc_7501_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7501_firmware::::::::
amd	epyc_7551_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7551_firmware::::::::
amd	epyc_7551p_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7551p_firmware::::::::
amd	epyc_7601_firmware	< naplespi-sp3_1.0.0.h	cpe:2.3:o:amd:epyc_7601_firmware::::::::

References for CVE-2021-26342

URL	Tags
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028	Vendor Advisory

URL

CVE-2021-26342

Exploit prediction scoring system (EPSS) score for CVE-2021-26342

Common vulnerability scoring system (CVSS) metrics for CVE-2021-26342

Weakness enumeration for CVE-2021-26342

OS Trackers for CVE-2021-26342

Affected software / configurations for CVE-2021-26342

References for CVE-2021-26342