CVE-2021-26401
Public on 2022-03-09
Modified on 2023-01-18
Description
AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on AMD instances (*5a*). This is done by default, and no administrator action is needed.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | kernel | 2022-03-07 | ALAS-2022-1571 | Fixed |
Amazon Linux 2 - Core | kernel | 2022-03-07 | ALAS2-2022-1761 | Fixed |
Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-03-07 | ALAS2KERNEL-5.10-2022-011 | Fixed |
Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-03-07 | ALAS2KERNEL-5.4-2022-023 | Fixed |
Amazon Linux 2023 | kernel | 2023-02-17 | ALAS2023-2023-070 | Fixed |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 4.7 | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv2 | 1.9 | AV:L/AC:M/Au:N/C:P/I:N/A:N |
NVD | CVSSv3 | 5.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |