Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for ryzen_firmware by amd
CVE-2021-26318 (GCVE-0-2021-26318)
Vulnerability from cvelistv5 – Published: 2021-10-13 18:29 – Updated: 2024-09-16 16:48
VLAI
EPSS
VEX
Title
Side-channels Related to the x86 PREFETCH Instruction
Summary
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.
Severity
No CVSS data available.
CWE
- CWE-208 - Information Exposure Through Timing Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | All supported processors |
Affected:
unspecified , < undefined
(custom)
|
Date Public
2021-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All supported processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "undefined",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Information Exposure Through Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T18:29:14.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
}
],
"source": {
"advisory": "AMD-SB-1017",
"discovery": "EXTERNAL"
},
"title": "Side-channels Related to the x86 PREFETCH Instruction",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-10-12T19:30:00.000Z",
"ID": "CVE-2021-26318",
"STATE": "PUBLIC",
"TITLE": "Side-channels Related to the x86 PREFETCH Instruction"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All supported processors",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208 Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
}
]
},
"source": {
"advisory": "AMD-SB-1017",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26318",
"datePublished": "2021-10-13T18:29:14.977Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:55.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8932 (GCVE-0-2018-8932)
Vulnerability from cvelistv5 – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8932",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8935 (GCVE-0-2018-8935)
Vulnerability from cvelistv5 – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8935",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8931 (GCVE-0-2018-8931)
Vulnerability from cvelistv5 – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8931",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8930 (GCVE-0-2018-8930)
Vulnerability from cvelistv5 – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-09T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us"
},
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8930",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8934 (GCVE-0-2018-8934)
Vulnerability from cvelistv5 – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8934",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8936 (GCVE-0-2018-8936)
Vulnerability from cvelistv5 – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8936",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26318 (GCVE-0-2021-26318)
Vulnerability from nvd – Published: 2021-10-13 18:29 – Updated: 2024-09-16 16:48
VLAI
EPSS
VEX
Title
Side-channels Related to the x86 PREFETCH Instruction
Summary
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.
Severity
No CVSS data available.
CWE
- CWE-208 - Information Exposure Through Timing Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | All supported processors |
Affected:
unspecified , < undefined
(custom)
|
Date Public
2021-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All supported processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "undefined",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Information Exposure Through Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T18:29:14.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
}
],
"source": {
"advisory": "AMD-SB-1017",
"discovery": "EXTERNAL"
},
"title": "Side-channels Related to the x86 PREFETCH Instruction",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-10-12T19:30:00.000Z",
"ID": "CVE-2021-26318",
"STATE": "PUBLIC",
"TITLE": "Side-channels Related to the x86 PREFETCH Instruction"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All supported processors",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": ""
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208 Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
}
]
},
"source": {
"advisory": "AMD-SB-1017",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26318",
"datePublished": "2021-10-13T18:29:14.977Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:55.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8932 (GCVE-0-2018-8932)
Vulnerability from nvd – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8932",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8935 (GCVE-0-2018-8935)
Vulnerability from nvd – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8935",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8931 (GCVE-0-2018-8931)
Vulnerability from nvd – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8931",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8930 (GCVE-0-2018-8930)
Vulnerability from nvd – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-09T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03841en_us"
},
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8930",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:47.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8934 (GCVE-0-2018-8934)
Vulnerability from nvd – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8934",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8936 (GCVE-0-2018-8936)
Vulnerability from nvd – Published: 2018-03-22 14:00 – Updated: 2024-08-05 07:10
VLAI
EPSS
VEX
Summary
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://amdflaws.com/ | x_refsource_MISC |
| https://blog.trailofbits.com/2018/03/15/amd-flaws… | x_refsource_MISC |
| https://community.amd.com/community/amd-corporate… | x_refsource_MISC |
| https://safefirmware.com/amdflaws_whitepaper.pdf | x_refsource_MISC |
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amdflaws.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8936",
"datePublished": "2018-03-22T14:00:00.000Z",
"dateReserved": "2018-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:10:46.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}