| Vulnerability Name: | CVE-2020-12926 (CCN-191740) | ||||||||||||
| Assigned: | 2020-11-10 | ||||||||||||
| Published: | 2020-11-10 | ||||||||||||
| Updated: | 2020-11-30 | ||||||||||||
| Summary: | The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. | ||||||||||||
| CVSS v3 Severity: | 6.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 5.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-367 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-12926 Source: XF Type: UNKNOWN amd-cve202012926-weak-security(191740) Source: CCN Type: AMD Web site AMD Product Security Source: MISC Type: Vendor Advisory https://www.amd.com/en/corporate/product-security | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||