CVE-2019-9836

Published: 25/06/2019 Updated: 18/04/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and previous versions has an insecure cryptographic implementation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amd secure encrypted virtualization firmware
opensuse leap 15.0
opensuse leap 15.1

Debian Bug report logs - #970395 firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs Package: amd64-microcode; Maintainer for amd64-microcode is Henrique de Moraes Holschuh <hmh@debianorg>; Source for amd64-microcode is src:amd64-microcode (PTS, buildd, popcon) Repor ...

Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in Zen 2 CPUs may not be written to 0 correctly This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests For details please refer to lockcmpxchg8bcom/zenbleedhtml githu ...

Overview ======== AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time See [1] for details SEV key management code runs inside the Platform Security Processor (PSP) [2] The S ...

CWE-327 https://www.amd.com/en/corporate/product-security https://seclists.org/fulldisclosure/2019/Jun/46 http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970395 https://www.debian.org/security/2023/dsa-5459

CVE-2019-9836

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect