Vulnerability Name: | CVE-2018-8930 (CCN-140290) | ||||||||||||
Assigned: | 2018-03-13 | ||||||||||||
Published: | 2018-03-13 | ||||||||||||
Updated: | 2020-08-24 | ||||||||||||
Summary: | The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. | ||||||||||||
CVSS v3 Severity: | 9.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) 8.2 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C)
| ||||||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-8930 Source: CCN Type: AMD Flaws Web site Severe Security Advisory on AMD Processors Source: MISC Type: Third Party Advisory https://amdflaws.com/ Source: CCN Type: Trail of Bits Blog AMD Flaws Technical Summary Source: MISC Type: Third Party Advisory https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/ Source: CCN Type: AMD Initial AMD Technical Assessment of CTS Labs Research Source: MISC Type: Vendor Advisory https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research Source: XF Type: UNKNOWN amd-masterkey-cve20188930-code-exec(140290) Source: MISC Type: Third Party Advisory https://safefirmware.com/amdflaws_whitepaper.pdf Source: CONFIRM Type: UNKNOWN https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |