Sign-up

ID

VAR-201803-1908


CVE

CVE-2018-8934


TITLE

AMD Ryzen and Ryzen Pro Vulnerabilities related to authorization, authority, and access control in the platform

Trust: 0.8

sources: JVNDB: JVNDB-2018-003357

DESCRIPTION

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. AMD Ryzen and Ryzen Pro The platform contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products of AMD in the United States. Promontory chipset is one of these chipsets. An attacker could exploit this vulnerability to execute code

Trust: 1.71

sources: NVD: CVE-2018-8934 // JVNDB: JVNDB-2018-003357 // VULHUB: VHN-138966

AFFECTED PRODUCTS

vendor:amdmodel:ryzen proscope:eqversion: -

Trust: 1.6

vendor:amdmodel:ryzenscope:eqversion: -

Trust: 1.6

vendor:advanced micro devices amdmodel:ryzen proscope: - version: -

Trust: 0.8

vendor:advanced micro devices amdmodel:ryzenscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-003357 // CNNVD: CNNVD-201803-798 // NVD: CVE-2018-8934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8934
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-8934
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201803-798
value: CRITICAL

Trust: 0.6

VULHUB: VHN-138966
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-8934
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138966
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8934
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138966 // JVNDB: JVNDB-2018-003357 // CNNVD: CNNVD-201803-798 // NVD: CVE-2018-8934

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-138966 // JVNDB: JVNDB-2018-003357 // NVD: CVE-2018-8934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-798

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201803-798

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003357

PATCH
title:Initial AMD Technical Assessment of CTS Labs Researchurl:https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-003357

EXTERNAL IDS
db:NVDid:CVE-2018-8934
Trust: 2.5
db:JVNDBid:JVNDB-2018-003357
Trust: 0.8
db:CNNVDid:CNNVD-201803-798
Trust: 0.6
db:VULHUBid:VHN-138966
Trust: 0.1
sources:
            
            
            VULHUB: VHN-138966 // 
            
            
            
            JVNDB: JVNDB-2018-003357 // 
            
            
            
            CNNVD: CNNVD-201803-798 // 
            
            
            
            NVD: CVE-2018-8934

REFERENCES
url:https://amdflaws.com/
Trust: 1.7
url:https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
Trust: 1.7
url:https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research
Trust: 1.7
url:https://safefirmware.com/amdflaws_whitepaper.pdf
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8934
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8934
Trust: 0.8
sources:
            
            
            VULHUB: VHN-138966 // 
            
            
            
            JVNDB: JVNDB-2018-003357 // 
            
            
            
            CNNVD: CNNVD-201803-798 // 
            
            
            
            NVD: CVE-2018-8934

SOURCES
db:VULHUBid:VHN-138966
db:JVNDBid:JVNDB-2018-003357
db:CNNVDid:CNNVD-201803-798
db:NVDid:CVE-2018-8934

LAST UPDATE DATE
2024-11-23T22:52:11.121000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-138966date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-003357date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-798date:2019-10-23T00:00:00
db:NVDid:CVE-2018-8934date:2024-11-21T04:14:38.230

SOURCES RELEASE DATE
db:VULHUBid:VHN-138966date:2018-03-22T00:00:00
db:JVNDBid:JVNDB-2018-003357date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-798date:2018-03-23T00:00:00
db:NVDid:CVE-2018-8934date:2018-03-22T14:29:00.863