github - ghsa-rjfc-fv4g-m58q

ghsa-rjfc-fv4g-m58q

Vulnerability from github

Published

2022-05-24 19:20

Modified

2022-07-09 00:00

Severity

5.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12954"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-16T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.",
  "id": "GHSA-rjfc-fv4g-m58q",
  "modified": "2022-07-09T00:00:22Z",
  "published": "2022-05-24T19:20:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12954"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2020-12954

Vulnerability from cvelistv5

Published

2021-11-16 18:11

Modified

2024-09-16 18:48

Severity

Summary

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.

References

URL	Tags
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021	x_refsource_MISC

Impacted products

Vendor	Product
AMD	1st Gen AMD EPYC™
AMD	2nd Gen AMD EPYC™
AMD	3rd Gen AMD EPYC™

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "1st Gen AMD EPYC\u2122",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "NaplesPI-SP3_1.0.0.G",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "2nd Gen AMD EPYC\u2122",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RomePI-SP3_1.0.0.C",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "3rd Gen AMD EPYC\u2122",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "MilanPI-SP3_1.0.0.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693 Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-16T18:11:02",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1021",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
          "ID": "CVE-2020-12954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "1st Gen AMD EPYC\u2122",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "NaplesPI-SP3_1.0.0.G"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "2nd Gen AMD EPYC\u2122",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "RomePI-SP3_1.0.0.C"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "3rd Gen AMD EPYC\u2122",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "MilanPI-SP3_1.0.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-693 Protection Mechanism Failure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
            }
          ]
        },
        "source": {
          "advisory": "AMD-SB-1021",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2020-12954",
    "datePublished": "2021-11-16T18:11:02.785753Z",
    "dateReserved": "2020-05-15T00:00:00",
    "dateUpdated": "2024-09-16T18:48:26.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.