cve-2019-9836

Vulnerability from cvelistv5

Published

2019-06-25 20:17

Modified

2024-08-04 22:01

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html	Mailing List, Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html	Third Party Advisory, VDB Entry
cve@mitre.org	https://seclists.org/fulldisclosure/2019/Jun/46	Mailing List, Third Party Advisory
cve@mitre.org	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us	Third Party Advisory
cve@mitre.org	https://www.amd.com/en/corporate/product-security	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2019/Jun/46	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.amd.com/en/corporate/product-security	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:01:54.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
          },
          {
            "name": "openSUSE-SU-2019:1770",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-21T11:06:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.amd.com/en/corporate/product-security"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
        },
        {
          "name": "openSUSE-SU-2019:1770",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://seclists.org/fulldisclosure/2019/Jun/46",
              "refsource": "MISC",
              "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
            },
            {
              "name": "https://www.amd.com/en/corporate/product-security",
              "refsource": "CONFIRM",
              "url": "https://www.amd.com/en/corporate/product-security"
            },
            {
              "name": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
            },
            {
              "name": "openSUSE-SU-2019:1770",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9836",
    "datePublished": "2019-06-25T20:17:47",
    "dateReserved": "2019-03-15T00:00:00",
    "dateUpdated": "2024-08-04T22:01:54.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:secure_encrypted_virtualization_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.17b11\", \"matchCriteriaId\": \"BA3DA196-4268-4B60-865B-DEB212FCD098\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"565383C4-F690-4E3B-8A6A-B7D4ACCFAA05\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71ED05E6-8E69-41B9-9A36-CCE2D59A2603\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"805B4FEA-CFB2-429C-818B-9277B6D546C3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F65FC5B9-0803-4D7F-8EF6-7B6681418596\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A5FC951-9FAD-45B4-B7CF-D1A9482507F5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BB78361-9AAD-44BD-8B30-65715FEA4C06\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA7576CB-A818-47A1-9A0D-6B8FD105FF08\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C05F1EF0-3576-4D47-8704-36E9FAB1D432\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E41A87-7A39-4BB2-88E4-16DF0D81BFD2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51C8CF00-8FC8-4206-9028-6F104699DE76\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E8BAB73-6F45-49AB-8F00-49A488006F3E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AAB403A-5A36-4DC3-A187-99127CF77BA7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01BE5D42-1C62-4381-89E0-8F3264F696EC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"168076CD-1E6D-4328-AB59-4C1A90735AC4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.\"}, {\"lang\": \"es\", \"value\": \"Secure Encrypted Virtualization (SEV) en Advanced Micro Devices (AMD) Platform Security Processor (PSP; tambi\\u00e9n conocido como AMD Secure Processor o AMD-SP) 0.17 build 11 y versiones anteriores tiene una implementaci\\u00f3n criptogr\\u00e1fica insegura.\"}]",
      "id": "CVE-2019-9836",
      "lastModified": "2024-11-21T04:52:24.357",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-06-25T21:15:09.857",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2019/Jun/46\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.amd.com/en/corporate/product-security\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2019/Jun/46\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.amd.com/en/corporate/product-security\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-327\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9836\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-25T21:15:09.857\",\"lastModified\":\"2024-11-21T04:52:24.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.\"},{\"lang\":\"es\",\"value\":\"Secure Encrypted Virtualization (SEV) en Advanced Micro Devices (AMD) Platform Security Processor (PSP; tambi\u00e9n conocido como AMD Secure Processor o AMD-SP) 0.17 build 11 y versiones anteriores tiene una implementaci\u00f3n criptogr\u00e1fica insegura.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:secure_encrypted_virtualization_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.17b11\",\"matchCriteriaId\":\"BA3DA196-4268-4B60-865B-DEB212FCD098\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565383C4-F690-4E3B-8A6A-B7D4ACCFAA05\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71ED05E6-8E69-41B9-9A36-CCE2D59A2603\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"805B4FEA-CFB2-429C-818B-9277B6D546C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F65FC5B9-0803-4D7F-8EF6-7B6681418596\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A5FC951-9FAD-45B4-B7CF-D1A9482507F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB78361-9AAD-44BD-8B30-65715FEA4C06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7576CB-A818-47A1-9A0D-6B8FD105FF08\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C05F1EF0-3576-4D47-8704-36E9FAB1D432\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E41A87-7A39-4BB2-88E4-16DF0D81BFD2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C8CF00-8FC8-4206-9028-6F104699DE76\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8BAB73-6F45-49AB-8F00-49A488006F3E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AAB403A-5A36-4DC3-A187-99127CF77BA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01BE5D42-1C62-4381-89E0-8F3264F696EC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"168076CD-1E6D-4328-AB59-4C1A90735AC4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2019/Jun/46\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.amd.com/en/corporate/product-security\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://seclists.org/fulldisclosure/2019/Jun/46\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.amd.com/en/corporate/product-security\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

cve-2019-9836

Vulnerability from fkie_nvd

Published

2019-06-25 21:15

Modified

2024-11-21 04:52

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html	Mailing List, Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html	Third Party Advisory, VDB Entry
cve@mitre.org	https://seclists.org/fulldisclosure/2019/Jun/46	Mailing List, Third Party Advisory
cve@mitre.org	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us	Third Party Advisory
cve@mitre.org	https://www.amd.com/en/corporate/product-security	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2019/Jun/46	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.amd.com/en/corporate/product-security	Vendor Advisory

Impacted products

Vendor	Product	Version
amd	secure_encrypted_virtualization_firmware	*
amd	epyc_7251	-
amd	epyc_7261	-
amd	epyc_7281	-
amd	epyc_7301	-
amd	epyc_7351	-
amd	epyc_7351p	-
amd	epyc_7371	-
amd	epyc_7401	-
amd	epyc_7401p	-
amd	epyc_7451	-
amd	epyc_7501	-
amd	epyc_7551	-
amd	epyc_7551p	-
amd	epyc_7601	-
opensuse	leap	15.0
opensuse	leap	15.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:amd:secure_encrypted_virtualization_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3DA196-4268-4B60-865B-DEB212FCD098",
              "versionEndIncluding": "0.17b11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "565383C4-F690-4E3B-8A6A-B7D4ACCFAA05",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71ED05E6-8E69-41B9-9A36-CCE2D59A2603",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "805B4FEA-CFB2-429C-818B-9277B6D546C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F65FC5B9-0803-4D7F-8EF6-7B6681418596",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A5FC951-9FAD-45B4-B7CF-D1A9482507F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB78361-9AAD-44BD-8B30-65715FEA4C06",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7576CB-A818-47A1-9A0D-6B8FD105FF08",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05F1EF0-3576-4D47-8704-36E9FAB1D432",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E41A87-7A39-4BB2-88E4-16DF0D81BFD2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C8CF00-8FC8-4206-9028-6F104699DE76",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8BAB73-6F45-49AB-8F00-49A488006F3E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AAB403A-5A36-4DC3-A187-99127CF77BA7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BE5D42-1C62-4381-89E0-8F3264F696EC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "168076CD-1E6D-4328-AB59-4C1A90735AC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation."
    },
    {
      "lang": "es",
      "value": "Secure Encrypted Virtualization (SEV) en Advanced Micro Devices (AMD) Platform Security Processor (PSP; tambi\u00e9n conocido como AMD Secure Processor o AMD-SP) 0.17 build 11 y versiones anteriores tiene una implementaci\u00f3n criptogr\u00e1fica insegura."
    }
  ],
  "id": "CVE-2019-9836",
  "lastModified": "2024-11-21T04:52:24.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-25T21:15:09.857",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.amd.com/en/corporate/product-security"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.amd.com/en/corporate/product-security"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-mmcw-j5qf-fj6c

Vulnerability from github

Published

2022-05-24 16:48

Modified

2024-04-04 01:03

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-25T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.",
  "id": "GHSA-mmcw-j5qf-fj6c",
  "modified": "2024-04-04T01:03:00Z",
  "published": "2022-05-24T16:48:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9836"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-9836

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-9836

Aliases

CVE-2019-9836

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9836",
    "description": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.",
    "id": "GSD-2019-9836",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-9836.html",
      "https://advisories.mageia.org/CVE-2019-9836.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9836"
      ],
      "details": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.",
      "id": "GSD-2019-9836",
      "modified": "2023-12-13T01:23:47.852731Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-9836",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://seclists.org/fulldisclosure/2019/Jun/46",
            "refsource": "MISC",
            "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
          },
          {
            "name": "https://www.amd.com/en/corporate/product-security",
            "refsource": "CONFIRM",
            "url": "https://www.amd.com/en/corporate/product-security"
          },
          {
            "name": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
          },
          {
            "name": "openSUSE-SU-2019:1770",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:amd:secure_encrypted_virtualization_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "0.17b11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9836"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-327"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security"
            },
            {
              "name": "https://seclists.org/fulldisclosure/2019/Jun/46",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Jun/46"
            },
            {
              "name": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03943en_us"
            },
            {
              "name": "openSUSE-SU-2019:1770",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-04-18T17:17Z",
      "publishedDate": "2019-06-25T21:15Z"
    }
  }
}

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. Secure Encrypted Virtualization (SEV) Contains a cryptographic vulnerability.Information may be obtained. AMD Platform Security Processor is a security processor of American AMD Company. An attacker could exploit this vulnerability to obtain information. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. See [1] for details. SEV key management code runs inside the Platform Security Processor (PSP) [2].

The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware’s private DH scalar.

By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM’s launch secret. This breaks the confidentiality guarantees offered by SEV.

Key exchange during VM launch

The PSP publishes its PDH public key through SEV_PDH_CERT_EXPORT command. This key is computed by multiplying the ECC generator (NIST P256/P384 curves are supported) by the PDH private key: A<-G*k, where k, the private key, is randomly generated in the range (1, order(G)).
The client generates its private DH key, s, and computes the shared key C<-As=Gk*s. C is the shared point on the curve. Its x-coordinate is hashed and used as the master shared secret. Two keys KEK/KIK are derived from the master secret, and used to protect (encryption+integrity) the session keys.
The client computes its public key B<-G*s and sends it to the PSP through the SEV_LAUNCH_START command.
The PSP computes the shared key C by multiplying the client’s public key by its PDH private scalar: C<-Bk=Gs*k. Like the client, the PSP takes C’s x coordinate, computes the master shared secret and derives the KEK/KIK. These are used to unwrap the session keys. See API specification [3] for details.

ECDH security relies on the generator point, G, having a large order and on the discrete logarithm problem being hard for the curve.

Note that in step 4, the PSP performs a computation with its private key on user supplied data - the client’s public point.

Invalid curve attack

ECC point multiplication relies on a point addition primitive. There are different implementations for ECC point addition. A common one is based on the short Weierstrass ECC form, as described in [4]. Note that the curve’s "b" equation parameter is never used.

An invalid curve attack is where the ECDH point multiplication is done on a different curve - different (a,b) parameters. This becomes possible in the short Weierstrass point addition function since the "b" parameter is not used. On this curve, the point has a small prime order. By trying all possible values for the small order point, an attacker can recover the private scalar bits (modulo the order). The modular residues are assembled offline using the Chinese Remainder Theorem, leading to a full key recovery. See the original paper [5] on invalid curve attacks, or a more recent paper [6] on the topic.

Affected products

AMD EPYC server platforms (codename "Naples") running SEV firmware version 0.17 build 11 and below are affected.

Fix

We were able to verify the fix is properly implemented in build 22 [7]: PSP rejects points not on the NIST curve, and fails with INVALID_CERT error.

Additional issues

Certificates for PDH keys generated on a vulnerable system are still valid. This means SEV might still be vulnerable to a migration attack, where a client’s VM is migrated from a non-vulnerable system to a vulnerable one.

In addition, at this point, it is not clear whether SEV is vulnerable to a FW downgrade attack.

Credits

This vulnerability was discovered and reported to AMD by Cfir Cohen of the Google Cloud security team.

Timeline

2-19 - Vulnerability disclosed to AMD PSIRT 2-23 - AMD confirms the bug 2-25 - POC shared with AMD 5-13 - AMD requests a 30 day extension 6-04 - AMD releases fixed firmware [7] 6-07 - AMD requests a 2 week extension 6-25 - Public disclosure

[1] - https://developer.amd.com/sev/ [2] - https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor [3] - https://developer.amd.com/wp-content/resources/55766.PDF [4] - https://www.hyperelliptic.org/EFD/g1p/auto-shortw.html [5] - https://www.iacr.org/archive/crypto2000/18800131/18800131.pdf [6] - http://www.cs.technion.ac.il/~biham/BT/bt-fixed-coordinate-invalid-curve-attack.pdf [7] - https://developer.amd.com/wp-content/resources/amd_sev_fam17h_model0xh_0.17b22.zip

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0236",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "secure encrypted virtualization",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "amd",
        "version": "0.17b11"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "secure encrypted virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "advanced micro devices amd",
        "version": "0.17 build 11"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:amd:secure_encrypted_virtualization_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "0.17b11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Google Security Research",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-9836",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-9836",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-161271",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-9836",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9836",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-922",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-161271",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-9836",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. Secure Encrypted Virtualization (SEV) Contains a cryptographic vulnerability.Information may be obtained. AMD Platform Security Processor is a security processor of American AMD Company. An attacker could exploit this vulnerability to obtain information. SEV protects guest virtual machines from the hypervisor, provides\nconfidentiality guarantees at runtime and remote attestation at launch\ntime. See [1] for details. SEV key management code runs inside the Platform\nSecurity Processor (PSP) [2]. \n\nThe SEV elliptic-curve (ECC) implementation was found to be vulnerable to\nan invalid curve attack. At launch-start command, an attacker can send\nsmall order ECC points not on the official NIST curves, and force the SEV\nfirmware to multiply a small order point by the firmware\u2019s private DH\nscalar. \n\nBy collecting enough modular residues, an attacker can recover the complete\nPDH private key. With the PDH, an attacker can recover the session key and\nthe VM\u2019s launch secret. This breaks the confidentiality guarantees offered\nby SEV. \n\n\nKey exchange during VM launch\n=========================\n\n1. The PSP publishes its PDH public key through SEV_PDH_CERT_EXPORT\ncommand. This key is computed by multiplying the ECC generator (NIST\nP256/P384 curves are supported) by the PDH private key: A\u003c-G*k, where k,\nthe private key, is randomly generated in the range (1, order(G)). \n\n\n2. The client generates its private DH key, s, and computes the shared key\nC\u003c-A*s=G*k*s. C is the shared point on the curve. Its x-coordinate is\nhashed and used as the master shared secret. Two keys KEK/KIK are derived\nfrom the master secret, and used to protect (encryption+integrity) the\nsession keys. \n\n\n3. The client computes its public key B\u003c-G*s and sends it to the PSP\nthrough the SEV_LAUNCH_START command. \n\n\n4. The PSP computes the shared key C by multiplying the client\u2019s public key\nby its PDH private scalar: C\u003c-B*k=G*s*k. Like the client, the PSP takes C\u2019s\nx coordinate, computes the master shared secret and derives the KEK/KIK. \nThese are used to unwrap the session keys. See API specification [3] for\ndetails. \n\nECDH security relies on the generator point, G, having a large order and on\nthe discrete logarithm problem being hard for the curve. \n\nNote that in step 4, the PSP performs a computation with its private key on\nuser supplied data - the client\u2019s public point. \n\n\nInvalid curve attack\n===============\n\nECC point multiplication relies on a point addition primitive. There are\ndifferent implementations for ECC point addition. A common one is based on\nthe short Weierstrass ECC form, as described in [4]. Note that the curve\u2019s\n\"b\" equation parameter is never used. \n\nAn invalid curve attack is where the ECDH point multiplication is done on a\ndifferent curve - different (a,b) parameters. This becomes possible in the\nshort Weierstrass point addition function since the \"b\" parameter is not\nused. On this curve, the point has a small prime order. By trying all\npossible values for the small order point, an attacker can recover the\nprivate scalar bits (modulo the order). The modular residues are assembled\noffline using the Chinese Remainder Theorem, leading to a full key\nrecovery. See the original paper [5] on invalid curve attacks, or a more\nrecent paper [6] on the topic. \n\n\nAffected products\n=============\n\nAMD EPYC server platforms (codename \"Naples\") running SEV firmware version\n0.17 build 11 and below are affected. \n\n\nFix\n===\n\nWe were able to verify the fix is properly implemented in build 22 [7]: PSP\nrejects points not on the NIST curve, and fails with INVALID_CERT error. \n\n\nAdditional issues\n=============\n\nCertificates for PDH keys generated on a vulnerable system are still valid. \nThis means SEV might still be vulnerable to a migration attack, where a\nclient\u2019s VM is migrated from a non-vulnerable system to a vulnerable one. \n\nIn addition, at this point, it is not clear whether SEV is vulnerable to a\nFW downgrade attack. \n\n\nCredits\n======\n\n\nThis vulnerability was discovered and reported to AMD by Cfir Cohen of the\nGoogle Cloud security team. \n\n\nTimeline\n=======\n\n2-19 - Vulnerability disclosed to AMD PSIRT\n2-23 - AMD confirms the bug\n2-25 - POC shared with AMD\n5-13 - AMD requests a 30 day extension\n6-04 - AMD releases fixed firmware [7]\n6-07 - AMD requests a 2 week extension\n6-25 - Public disclosure\n\n\n[1] - https://developer.amd.com/sev/\n[2] - https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor\n[3] - https://developer.amd.com/wp-content/resources/55766.PDF\n[4] - https://www.hyperelliptic.org/EFD/g1p/auto-shortw.html\n[5] - https://www.iacr.org/archive/crypto2000/18800131/18800131.pdf\n[6] -\nhttp://www.cs.technion.ac.il/~biham/BT/bt-fixed-coordinate-invalid-curve-attack.pdf\n[7] -\nhttps://developer.amd.com/wp-content/resources/amd_sev_fam17h_model0xh_0.17b22.zip\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "db": "PACKETSTORM",
        "id": "153436"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9836",
        "trust": 2.7
      },
      {
        "db": "PACKETSTORM",
        "id": "153436",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2518",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2545",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-161271",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9836",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "PACKETSTORM",
        "id": "153436"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ]
  },
  "id": "VAR-201906-0236",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161271"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:28:14.224000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Secure Encrypted Virtualization Invalid ECC Curve Points (CVE-2019-9836)",
        "trust": 0.8,
        "url": "https://www.amd.com/en/corporate/product-security"
      },
      {
        "title": "AMD Platform Security Processor Secure Encrypted Virtualization Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94052"
      },
      {
        "title": "Debian CVElist Bug Report Logs: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f38d2be7d799498a8167385e98a25b5d"
      },
      {
        "title": "Debian Security Advisories: DSA-5459-1 amd64-microcode -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=cba30181a6a30ef97d2f3c4353fa3ffe"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/153436/amd-secure-encrypted-virtualization-sev-key-recovery.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.amd.com/en/corporate/product-security"
      },
      {
        "trust": 1.8,
        "url": "https://seclists.org/fulldisclosure/2019/jun/46"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03943en_us"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9836"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9836"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191792-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191803-1/"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191802-1/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/amd-secure-processor-information-disclosure-via-sev-insecure-cryptography-29729"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2518/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2545/"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03943en_us"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/327.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970395"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/2023/dsa-5459"
      },
      {
        "trust": 0.1,
        "url": "https://developer.amd.com/wp-content/resources/55766.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://developer.amd.com/wp-content/resources/amd_sev_fam17h_model0xh_0.17b22.zip"
      },
      {
        "trust": 0.1,
        "url": "http://www.cs.technion.ac.il/~biham/bt/bt-fixed-coordinate-invalid-curve-attack.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://www.hyperelliptic.org/efd/g1p/auto-shortw.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.iacr.org/archive/crypto2000/18800131/18800131.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://developer.amd.com/sev/"
      },
      {
        "trust": 0.1,
        "url": "https://en.wikipedia.org/wiki/amd_platform_security_processor"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "PACKETSTORM",
        "id": "153436"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "db": "PACKETSTORM",
        "id": "153436"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9836"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "date": "2019-06-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "date": "2019-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "date": "2019-06-26T15:55:45",
        "db": "PACKETSTORM",
        "id": "153436"
      },
      {
        "date": "2019-06-25T21:15:09.857000",
        "db": "NVD",
        "id": "CVE-2019-9836"
      },
      {
        "date": "2019-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161271"
      },
      {
        "date": "2022-04-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-9836"
      },
      {
        "date": "2019-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      },
      {
        "date": "2022-04-18T17:17:17.887000",
        "db": "NVD",
        "id": "CVE-2019-9836"
      },
      {
        "date": "2022-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "153436"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Encrypted Virtualization Cryptographic vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005971"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-922"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2019-9836

Vulnerability from cvelistv5

cve-2019-9836

Vulnerability from fkie_nvd

ghsa-mmcw-j5qf-fj6c

Vulnerability from github

gsd-2019-9836

Vulnerability from gsd

var-201906-0236

Vulnerability from variot

Key exchange during VM launch

Invalid curve attack

Affected products

Fix

Additional issues

Credits

Timeline

Tags

Sightings

Nomenclature