Details of VAR-201703-1242

ID

VAR-201703-1242

CVE

CVE-2017-7262

TITLE

AMD Ryzen Processor AGESA Service disruption in microcode (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-002660

DESCRIPTION

The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. AMDRyzen is a processor of American Advanced Micro Devices (AMD). An attacker could exploit the vulnerability to cause a denial of service and refuse to provide services to legitimate users

Trust: 2.43

sources: NVD: CVE-2017-7262 // JVNDB: JVNDB-2017-002660 // CNVD: CNVD-2017-10837 // BID: 97098

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-10837

AFFECTED PRODUCTS

vendor:	amd	model:	ryzen	scope:	lte	version:	2017-01-27	Trust: 1.0
vendor:	advanced micro devices amd	model:	ryzen	scope:	lte	version:	2017-01-27	Trust: 0.8
vendor:	amd	model:	ryzen	scope:	lte	version:	<=2017-01-27	Trust: 0.6
vendor:	amd	model:	ryzen	scope:	eq	version:	2017-01-27	Trust: 0.6
vendor:	amd	model:	ryzen	scope:	eq	version:	7-1800x0	Trust: 0.3

sources: CNVD: CNVD-2017-10837 // BID: 97098 // JVNDB: JVNDB-2017-002660 // CNNVD: CNNVD-201703-1103 // NVD: CVE-2017-7262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7262
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7262
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-10837
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201703-1103
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-7262
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-10837
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-7262
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-10837 // JVNDB: JVNDB-2017-002660 // CNNVD: CNNVD-201703-1103 // NVD: CVE-2017-7262

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-002660 // NVD: CVE-2017-7262

THREAT TYPE

local

Trust: 0.9

sources: BID: 97098 // CNNVD: CNNVD-201703-1103

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-1103

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002660

PATCH

title:	Top Page	url:	https://www.amd.com/en/ryzen	Trust: 0.8
title:	Patch for AMDRyzen Processor Local Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/95657	Trust: 0.6
title:	AMD Ryzen processor with AGESA microcode Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74766	Trust: 0.6

sources: CNVD: CNVD-2017-10837 // JVNDB: JVNDB-2017-002660 // CNNVD: CNNVD-201703-1103

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7262	Trust: 3.3
db:	BID	id:	97098	Trust: 1.9
db:	JVNDB	id:	JVNDB-2017-002660	Trust: 0.8
db:	CNVD	id:	CNVD-2017-10837	Trust: 0.6
db:	CNNVD	id:	CNNVD-201703-1103	Trust: 0.6

sources: CNVD: CNVD-2017-10837 // BID: 97098 // JVNDB: JVNDB-2017-002660 // CNNVD: CNNVD-201703-1103 // NVD: CVE-2017-7262

REFERENCES

url:	http://forum.hwbot.org/showthread.php?t=167605	Trust: 2.7
url:	http://www.securityfocus.com/bid/97098	Trust: 1.6
url:	http://forum.hwbot.org/showpost.php?p=480524	Trust: 1.6
url:	https://news.ycombinator.com/item?id=13924192	Trust: 1.6
url:	https://www.techpowerup.com/231536/amd-ryzen-machine-crashes-to-a-sequence-of-fma3-instructions	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7262	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7262	Trust: 0.8
url:	https://www.amd.com/en/ryzen	Trust: 0.3

sources: CNVD: CNVD-2017-10837 // BID: 97098 // JVNDB: JVNDB-2017-002660 // CNNVD: CNNVD-201703-1103 // NVD: CVE-2017-7262

CREDITS

Mysticial

Trust: 0.3

sources: BID: 97098

SOURCES

db:	CNVD	id:	CNVD-2017-10837
db:	BID	id:	97098
db:	JVNDB	id:	JVNDB-2017-002660
db:	CNNVD	id:	CNNVD-201703-1103
db:	NVD	id:	CVE-2017-7262

LAST UPDATE DATE

2025-04-20T23:22:25.383000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-10837	date:	2017-06-23T00:00:00
db:	BID	id:	97098	date:	2017-03-29T01:02:00
db:	JVNDB	id:	JVNDB-2017-002660	date:	2017-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201703-1103	date:	2017-09-29T00:00:00
db:	NVD	id:	CVE-2017-7262	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-10837	date:	2017-06-23T00:00:00
db:	BID	id:	97098	date:	2017-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-002660	date:	2017-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201703-1103	date:	2017-03-24T00:00:00
db:	NVD	id:	CVE-2017-7262	date:	2017-03-25T00:59:00.153