ID

VAR-201803-1906


CVE

CVE-2018-8932


TITLE

AMD Ryzen and Ryzen Pro access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003355

DESCRIPTION

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. AMD Ryzen and Ryzen Pro contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. An attacker could exploit this vulnerability to disable system management mode protection, read memory, and execute arbitrary code.

Trust: 1.71

sources: NVD: CVE-2018-8932 // JVNDB: JVNDB-2018-003355 // VULHUB: VHN-138964

AFFECTED PRODUCTS

vendor: amd, model: ryzen pro, scope: eq, version: -

Trust: 1.6

vendor: amd, model: ryzen, scope: eq, version: -

Trust: 1.6

vendor: advanced micro devices amd, model: ryzen pro, scope: -, version: -

Trust: 0.8

vendor: advanced micro devices amd, model: ryzen, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-003355 // CNNVD: CNNVD-201803-800 // NVD: CVE-2018-8932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8932
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-8932
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201803-800
value: CRITICAL

Trust: 0.6

VULHUB: VHN-138964
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-8932
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138964
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8932
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138964 // JVNDB: JVNDB-2018-003355 // CNNVD: CNNVD-201803-800 // NVD: CVE-2018-8932

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-138964 // JVNDB: JVNDB-2018-003355 // NVD: CVE-2018-8932

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-800

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-800

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003355

PATCH

title: Initial AMD Technical Assessment of CTS Labs Research, url: https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research

Trust: 0.8

sources: JVNDB: JVNDB-2018-003355

EXTERNAL IDS

db: NVD, id: CVE-2018-8932

Trust: 2.5

db: JVNDB, id: JVNDB-2018-003355

Trust: 0.8

db: CNNVD, id: CNNVD-201803-800

Trust: 0.6

db: VULHUB, id: VHN-138964

Trust: 0.1

sources: VULHUB: VHN-138964 // JVNDB: JVNDB-2018-003355 // CNNVD: CNNVD-201803-800 // NVD: CVE-2018-8932

REFERENCES

url:https://amdflaws.com/

Trust: 1.7

url:https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

Trust: 1.7

url:https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research

Trust: 1.7

url:https://safefirmware.com/amdflaws_whitepaper.pdf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8932

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-8932

Trust: 0.8

sources: VULHUB: VHN-138964 // JVNDB: JVNDB-2018-003355 // CNNVD: CNNVD-201803-800 // NVD: CVE-2018-8932

SOURCES

db: VULHUB, id: VHN-138964
db: JVNDB, id: JVNDB-2018-003355
db: CNNVD, id: CNNVD-201803-800
db: NVD, id: CVE-2018-8932

LAST UPDATE DATE

2024-11-23T22:55:55.400000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-138964, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-003355, date: 2018-05-22T00:00:00
db: CNNVD, id: CNNVD-201803-800, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-8932, date: 2024-11-21T04:14:37.927

SOURCES RELEASE DATE

db: VULHUB, id: VHN-138964, date: 2018-03-22T00:00:00
db: JVNDB, id: JVNDB-2018-003355, date: 2018-05-22T00:00:00
db: CNNVD, id: CNNVD-201803-800, date: 2018-03-23T00:00:00
db: NVD, id: CVE-2018-8932, date: 2018-03-22T14:29:00.737