Sign-up

ID

VAR-201803-1905


CVE

CVE-2018-8931


TITLE

plural AMD Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-003354

DESCRIPTION

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. AMD Ryzen and so on are a central processing unit (CPU) of AMD in the United States. An attacker could exploit this vulnerability to perform write operations to protected memory areas

Trust: 1.71

sources: NVD: CVE-2018-8931 // JVNDB: JVNDB-2018-003354 // VULHUB: VHN-138963

AFFECTED PRODUCTS

vendor:amdmodel:ryzen proscope:eqversion: -

Trust: 1.6

vendor:amdmodel:ryzenscope:eqversion: -

Trust: 1.6

vendor:amdmodel:ryzen mobilescope:eqversion: -

Trust: 1.6

vendor:advanced micro devices amdmodel:ryzen mobilescope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:ryzen proscope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:ryzenscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-003354 // CNNVD: CNNVD-201803-801 // NVD: CVE-2018-8931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8931
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-8931
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201803-801
value: CRITICAL

Trust: 0.6

VULHUB: VHN-138963
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-8931
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138963
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8931
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138963 // JVNDB: JVNDB-2018-003354 // CNNVD: CNNVD-201803-801 // NVD: CVE-2018-8931

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-138963 // JVNDB: JVNDB-2018-003354 // NVD: CVE-2018-8931

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-801

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201803-801

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003354

PATCH
title:Initial AMD Technical Assessment of CTS Labs Researchurl:https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-003354

EXTERNAL IDS
db:NVDid:CVE-2018-8931
Trust: 2.5
db:JVNDBid:JVNDB-2018-003354
Trust: 0.8
db:CNNVDid:CNNVD-201803-801
Trust: 0.7
db:AUSCERTid:ESB-2019.0518
Trust: 0.6
db:VULHUBid:VHN-138963
Trust: 0.1
sources:
            
            
            VULHUB: VHN-138963 // 
            
            
            
            JVNDB: JVNDB-2018-003354 // 
            
            
            
            CNNVD: CNNVD-201803-801 // 
            
            
            
            NVD: CVE-2018-8931

REFERENCES
url:https://amdflaws.com/
Trust: 1.7
url:https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
Trust: 1.7
url:https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research
Trust: 1.7
url:https://safefirmware.com/amdflaws_whitepaper.pdf
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8931
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8931
Trust: 0.8
url:http://www.ibm.com/support/docview.wss
Trust: 0.6
url:https://www-01.ibm.com/support/docview.wss?uid=ibm10869128
Trust: 0.6
url:https://www.auscert.org.au/bulletins/75818
Trust: 0.6
sources:
            
            
            VULHUB: VHN-138963 // 
            
            
            
            JVNDB: JVNDB-2018-003354 // 
            
            
            
            CNNVD: CNNVD-201803-801 // 
            
            
            
            NVD: CVE-2018-8931

SOURCES
db:VULHUBid:VHN-138963
db:JVNDBid:JVNDB-2018-003354
db:CNNVDid:CNNVD-201803-801
db:NVDid:CVE-2018-8931

LAST UPDATE DATE
2024-11-23T21:53:18.148000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-138963date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-003354date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-801date:2019-10-23T00:00:00
db:NVDid:CVE-2018-8931date:2024-11-21T04:14:37.780

SOURCES RELEASE DATE
db:VULHUBid:VHN-138963date:2018-03-22T00:00:00
db:JVNDBid:JVNDB-2018-003354date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-801date:2018-03-23T00:00:00
db:NVDid:CVE-2018-8931date:2018-03-22T14:29:00.677