Vulnerability Name: | CVE-2018-8936 (CCN-140302) | ||||||||||||
Assigned: | 2018-03-13 | ||||||||||||
Published: | 2018-03-13 | ||||||||||||
Updated: | 2019-10-03 | ||||||||||||
Summary: | The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. | ||||||||||||
CVSS v3 Severity: | 9.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) 8.2 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C)
| ||||||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-8936 Source: CCN Type: AMD Flaws Web site Severe Security Advisory on AMD Processors Source: MISC Type: Third Party Advisory https://amdflaws.com/ Source: CCN Type: Trail of Bits Blog AMD Flaws Technical Summary Source: MISC Type: Third Party Advisory https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/ Source: CCN Type: AMD Initial AMD Technical Assessment of CTS Labs Research Source: MISC Type: Vendor Advisory https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research Source: XF Type: UNKNOWN amd-psp-cve20188936-priv-escalation(140302) Source: MISC Type: Third Party Advisory https://safefirmware.com/amdflaws_whitepaper.pdf | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |