CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-9836
https://notcve.org/view.php?id=CVE-2019-9836
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. Secure Encrypted Virtualization (SEV) en Advanced Micro Devices (AMD) Platform Security Processor (PSP; también conocido como AMD Secure Processor o AMD-SP) 0.17 build 11 y versiones anteriores tiene una implementación criptográfica insegura. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html https://seclists.org/fulldisclosure/2019/Jun/46 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us https://www.amd.com/en/corporate/product-security • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2018-8930
https://notcve.org/view.php?id=CVE-2018-8930
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Los chips de procesamiento de AMD EPYC Server, Ryzen, Ryzen Pro y Ryzen Mobile no aplican Hardware Validated Boot lo suficiente. Esto también se conoce como MASTERKEY-1, MASTERKEY-2 y MASTERKEY-3. • https://amdflaws.com https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research https://safefirmware.com/amdflaws_whitepaper.pdf https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2018-8936
https://notcve.org/view.php?id=CVE-2018-8936
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Los chips de procesamiento de AMD EPYC Server, Ryzen, Ryzen Pro y Ryzen Mobile permiten el escalado de privilegios de Platform Security Processor (PSP). • https://amdflaws.com https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research https://safefirmware.com/amdflaws_whitepaper.pdf •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8933
https://notcve.org/view.php?id=CVE-2018-8933
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. Los chips de procesamiento de AMD EPYC Server tienen un control de acceso insuficiente para las regiones de memoria protegidas. Esto se conoce como FALLOUT-1, FALLOUT-2 y FALLOUT-3. • https://amdflaws.com https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research https://safefirmware.com/amdflaws_whitepaper.pdf https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us • CWE-732: Incorrect Permission Assignment for Critical Resource •