CVE-2019-9836

AMD Secure Encrypted Virtualization (SEV) Key Recovery

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.

Secure Encrypted Virtualization (SEV) en Advanced Micro Devices (AMD) Platform Security Processor (PSP; también conocido como AMD Secure Processor o AMD-SP) 0.17 build 11 y versiones anteriores tiene una implementación criptográfica insegura.

AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-15 CVE Reserved
2019-06-25 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CAPEC

References (5)

URL	Tag	Source
http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html	Third Party Advisory
https://seclists.org/fulldisclosure/2019/Jun/46	Mailing List
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html	2022-04-18
https://www.amd.com/en/corporate/product-security	2022-04-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7251 Search vendor "Amd" for product "Epyc 7251"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7261 Search vendor "Amd" for product "Epyc 7261"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7281 Search vendor "Amd" for product "Epyc 7281"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7301 Search vendor "Amd" for product "Epyc 7301"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7351 Search vendor "Amd" for product "Epyc 7351"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7351p Search vendor "Amd" for product "Epyc 7351p"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7371 Search vendor "Amd" for product "Epyc 7371"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7401 Search vendor "Amd" for product "Epyc 7401"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7401p Search vendor "Amd" for product "Epyc 7401p"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7451 Search vendor "Amd" for product "Epyc 7451"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7501 Search vendor "Amd" for product "Epyc 7501"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7551 Search vendor "Amd" for product "Epyc 7551"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7551p Search vendor "Amd" for product "Epyc 7551p"	-	-	Safe
Amd Search vendor "Amd"	Secure Encrypted Virtualization Firmware Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware"	<= 0.17b11 Search vendor "Amd" for product "Secure Encrypted Virtualization Firmware" and version " <= 0.17b11"	-	Affected	in	Amd Search vendor "Amd"	Epyc 7601 Search vendor "Amd" for product "Epyc 7601"	-	-	Safe
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.0 Search vendor "Opensuse" for product "Leap" and version "15.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected