Vulmon
Circumvention of platform security controls, unauthorized access to system memory, installation of difficult to detect malware.
Source: CTS
Reported By: CTS
Vulnerability Description Impact MASTERKEY Attacker who already has compromised the security of a system updates flash to corrupt its contents. AMD Secure Processor (PSP) checks do not detect the corruption. Requires administrative access to the targeted system. Circumvention of platform security controls. These changes are persistent following a system reboot. RYZENFALL Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP). Requires administrative access to the targeted system. Circumvention of platform security controls. These changes are not persistent following a system reboot. Attacker may install difficult to detect malware in SMM (x86). FALLOUT Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP). Requires administrative access to the targeted system. Circumvention of platform security controls. These changes are not persistent following a system reboot. Attacker may install difficult to detect malware in SMM (x86). CHIMERA Attacker who already has compromised the security of a system installs a malicious driver that exposes certain Promontory functions. Requires administrative access to the targeted system. Attacker accesses physical memory through the chipset. Attacker installs difficult to detect malware in the chipset but is not persistent across reboots. Reference https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research (in English)
VULNERABILITY SUMMARY
|
Vulnerability
|
Description
|
Impact
|
|
MASTERKEY
|
Attacker who already has compromised the security of a system updates flash to corrupt its contents. AMD Secure Processor (PSP) checks do not detect the corruption. Requires administrative access to the targeted system.
|
Circumvention of platform security controls. These changes are persistent following a system reboot.
|
|
RYZENFALL
|
Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP). Requires administrative access to the targeted system.
|
Circumvention of platform security controls. These changes are not persistent following a system reboot. Attacker may install difficult to detect malware in SMM (x86).
|
|
FALLOUT
|
Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP). Requires administrative access to the targeted system.
|
Circumvention of platform security controls. These changes are not persistent following a system reboot. Attacker may install difficult to detect malware in SMM (x86).
|
|
CHIMERA
|
Attacker who already has compromised the security of a system installs a malicious driver that exposes certain Promontory functions. Requires administrative access to the targeted system.
|
Attacker accesses physical memory through the chipset.
Attacker installs difficult to detect malware in the chipset but is not persistent across reboots.
|
|
Reference
|
Base Vector
|
Base Score
|
|
CVE-2018-8930
|
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
9.0
|
|
CVE-2018-8932
|
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
9.0
|
|
CVE-2018-8933
|
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
9.0
|
|
CVE-2018-8934
|
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
9.0
|
|
Product
|
Updated Version(s)
|
Softpaq#
|
Softpaq Link
|
|
HP EliteBook 645 G4
|
1.24
|
SP91956
| |
|
HP EliteBook 655 G4
|
1.24
|
SP91956
| |
|
HP EliteBook 725 G4
|
1.24
|
SP91956
| |
|
HP EliteBook 735 G5
|
01.00.04
|
SP88374
| |
|
HP EliteBook 745 G3
|
1.37
|
SP94804
| |
|
HP EliteBook 745 G4
|
1.24
|
SP91956
| |
|
HP EliteBook 745 G5
|
01.00.04
|
SP88374
| |
|
HP EliteBook 755 G3
|
1.37
|
SP94804
| |
|
HP EliteBook 755 G4
|
1.24
|
SP91956
| |
|
HP EliteDesk 705 G2 DM
|
2.37
|
SP94792
| |
|
HP EliteDesk 705 G3 MT (HP EliteDesk 705 G3 SMR System Bios P09)
|
2.17
|
SP91340
| |
|
HP EliteDesk 705 G3 MT (HP EliteDesk 705 G3 System Bios P06)
|
2.26
|
SP95106
| |
|
HP EliteDesk 705 G3 SFF (HP EliteDesk 705 G3 SMR System Bios P09)
|
2.17
|
SP91340
| |
|
HP EliteDesk 705 G3 SFF (HP EliteDesk 705 G3 System Bios P06)
|
2.26
|
SP95106
| |
|
HP EliteDesk 705 G3 DM
|
2.26
|
SP95107
| |
|
HP EliteDesk 705 G4 DM (System BIOS Q26)
|
02.04.01
|
SP92151
| |
|
HP EliteDesk 705 G4 DM (System BIOS Q27)
|
02.04.02
|
SP95101
| |
|
HP EliteDesk 705 G4 MT (System BIOS Q05)
|
02.04.02
|
SP95097
| |
|
HP EliteDesk 705 G4 MT (System BIOS Q06)
|
02.04.01
|
SP92135
| |
|
HP EliteDesk 705 G4 MT (System BIOS Q09)
|
02.04.01
|
SP92136
| |
|
HP EliteDesk 705 G4 SFF (System BIOS Q15)
|
02.04.02
|
SP95099
| |
|
HP EliteDesk 705 G4 SFF (System BIOS Q16)
|
02.04.01
|
SP92138
| |
|
HP EliteDesk 705 G4 SFF (System BIOS Q19)
|
02.04.01
|
SP92139
| |
|
HP mt42 Mobile Thin Client
|
1.37
|
SP95038
| |
|
HP mt43 Mobile Thin Client
|
1.24
|
SP91968
| |
|
HP mt44 Mobile Thin Client
|
01.00.05
|
SP88376
| |
|
HP ProBook 455 G3
|
1.37
|
SP94806
| |
|
HP ProBook 455 G4
|
1.24
|
SP91965
| |
|
HP ProBook 455 G5
|
01.03.00
|
SP91395
| |
|
HP ProBook 645 G4
|
01.00.04
|
SP88375
| |
|
HP ProBook 645 G2
|
1.37
|
SP93523
| |
|
HP ProBook 655 G2
|
1.37
|
SP93523
| |
|
HP ProDesk 405 G2 MT
|
2.28
|
SP91944
| |
|
HP ProDesk 485 G2 MT
|
2.28
|
SP91944
|
|
Product Name
|
Updated Version(s)
|
SoftPaq#
|
SoftPaq Link
|
|
Compaq 100-xxx
|
A0.17
|
SP90185
| |
|
Compaq 14-h000~Compaq 14-h099
|
F.49
|
SP90187
| |
|
Compaq 14-h400~Compaq 14-h499
|
F.49
|
SP90187
| |
|
Compaq 15-b000~Compaq 15-b099
|
F.49
|
SP90187
| |
|
Compaq 15-b100~Compaq 15-b199
|
F.49
|
SP90187
| |
|
Compaq 15-b200~Compaq 15-b299
|
F.49
|
SP90187
| |
|
Compaq All-in-One 18-xxxx
|
A0.16
|
SP90317
| |
|
HP 110-5xx
|
A0.17
|
SP90185
| |
|
HP 110-5xx
|
A0.17
|
SP90185
| |
|
HP 14-af0XX
|
F.21
|
SP91343
| |
|
HP 14-af1XX
|
F.21
|
SP91343
| |
|
HP 14-an000 ~ 14-an099
|
F.32
|
SP91624
| |
|
HP 14-bw0xx
|
F.26
|
SP91345
| |
|
HP 14-cg0xxx
|
F.11
|
SP91627
| |
|
HP 14-g000~HP 14-g099
|
F.49
|
SP90187
| |
|
HP 14-g100~HP 14-g199
|
F.49
|
SP90187
| |
|
HP 14g-bx0xx
|
F.26
|
SP91345
| |
|
HP 14g-cg0xxx
|
F.11
|
SP91627
| |
|
HP 14q-by0xx
|
F.26
|
SP91345
| |
|
HP 14q-cg0xxx
|
F.11
|
SP91627
| |
|
HP 15-af0xx
|
F.26
|
SP91388
| |
|
HP 15-af1xx
|
F.26
|
SP91388
| |
|
HP 15-ba000 ~ 15-ba099
|
F.33
|
SP91389
| |
|
HP 15-ba100 ~ 15-ba199
|
F.33
|
SP91624
| |
|
HP 15-bw0xx
|
F.31
|
SP91347
| |
|
HP 15-da0000 ~ 15-da0099
|
F.11
|
SP91730
| |
|
HP 15-e000~HP15-e099
|
F.49
|
SP90187
| |
|
HP 15-e100~HP15-e199
|
F.49
|
SP90187
| |
|
HP 15-e200~HP15-e299
|
F.49
|
SP90187
| |
|
HP 15-f1xx
|
F.43
|
SP89030
| |
|
HP 15-f2xx
|
F.43
|
SP89030
| |
|
HP 15-f3xx
|
F.43
|
SP89030
| |
|
HP 15-g300~HP 15-g399
|
F.49
|
SP90187
| |
|
HP 15g-bx0xx
|
F.31
|
SP91347
| |
|
HP 15g-da0000 ~ 15g-da0099
|
F.11
|
SP91730
| |
|
HP 15q-by0xx
|
F.31
|
SP91347
| |
|
HP 15q-da0000 ~ 15q-da0099
|
F.11
|
SP91730
| |
|
HP 17-ak000 ~ 17-ak099
|
F.09
|
SP89048
| |
|
HP 17-ca0000~17-ca0999
|
F.11
|
SP91626
| |
|
HP 17-p000 ~ 17-p099
|
F.19
|
SP91499
| |
|
HP 17-p100 ~ 17-p199
|
F.19
|
SP91499
| |
|
HP 17-y000~17-y099
|
F.41
|
SP91341
| |
|
HP 17-y500 - 17-y599
|
F.41
|
SP91341
| |
|
HP 240 G5 Notebook PC
|
F.32
|
SP91624
| |
|
HP 245 G4
|
F.21
|
SP91343
| |
|
HP 245 G5 Notebook PC
|
F.32
|
SP91624
| |
|
HP 245 G6
|
F.26
|
SP91345
| |
|
HP 251-axxx
|
A0.17
|
SP90185
| |
|
HP 255 G3
|
F.49
|
SP90187
| |
|
HP 255 G4
|
F.26
|
SP91388
| |
|
HP 255 G5
|
F.33
|
SP91389
| |
|
HP 255 G6
|
F.31
|
SP91347
| |
|
HP 460-axxx
|
F.33
|
SP89074
| |
|
HP All-in-One 18-xxxx
|
A0.16
|
SP90317
| |
|
HP All-in-One 20-c3xx
|
F.35
|
SP91572
| |
|
HP All-in-One 20-cxxx
|
F.43
|
SP91592
| |
|
HP All-in-One 20-exxx
|
A0.11
|
SP91617
| |
|
HP All-in-One 22-b3xx
|
F.35
|
SP91572
| |
|
HP All-in-One 22-bxxx
|
F.43
|
SP91592
| |
|
HP All-in-One 22-cxxx
|
F.13
|
SP91574
| |
|
HP All-in-One 24-e0xx
|
F.35
|
SP91572
| |
|
HP All-in-One 24-fxxxx
|
F.13
|
SP91574
| |
|
HP All-in-One 24-gxxx
|
F.43
|
SP91592
| |
|
HP ENVY 15-ah000 ~ 15-ah099
|
F.20
|
SP93125
| |
|
HP ENVY 15-ah400 ~ 15-ah499
|
F.20
|
SP93125
| |
|
HP ENVY m6-p000 ~ m6-p099
|
F.20
|
SP93125
| |
|
HP ENVY m6-p100 ~ m6-p199
|
F.20
|
SP93125
| |
|
HP ENVY x360 13-ag0xxx
|
F.19
|
SP91692
| |
|
HP ENVY x360 13m-ag0xxx
|
F.19
|
SP91692
| |
|
HP ENVY x360 15-ar0XX
|
F.21
|
SP91546
| |
|
HP ENVY x360 15-bq0xx
|
F.09
|
SP91548
| |
|
HP ENVY x360 15-bq1xx
|
Not Available
|
Not Available
|
Not Available
|
|
HP ENVY x360 Convertible 15-cp0xxx
|
F.19
|
SP91692
| |
|
HP ENVY x360 Convertible 15m-cp0xxx
|
F.19
|
SP91692
| |
|
HP ENVY x360 m6-ar0XX
|
F.21
|
SP91546
| |
|
HP ENVY x360 m6-bq0xx
|
F.09
|
SP91548
| |
|
HP ENVY x360 m6-bq1xx
|
Not Available
|
Not Available
|
Not Available
|
|
HP OMEN 870-0xx
|
F.51
|
SP91591
| |
|
HP OMEN 880-0xx
|
F.22
|
SP92405
| |
|
HP OMEN 880-1xx
|
F.11
|
SP91700
| |
|
HP Pavilion 14-ab000~14-ab099
|
F.52
|
SP90267
| |
|
HP Pavilion 14-ab100~14-ab199
|
F.52
|
SP90267
| |
|
HP Pavilion 14-av001 ~ 14-av099
|
F.28
|
SP93005
| |
|
HP Pavilion 15-ab000~15-ab099
|
F.52
|
SP90267
| |
|
HP Pavilion 15-ab100~15-ab199
|
F.52
|
SP90267
| |
|
HP Pavilion 15-aw001 ~ 15-aw099
|
F.30
|
SP91463
| |
|
HP Pavilion 15-cd001 ~ 15-cd099
|
F.25
|
SP90234
| |
|
HP Pavilion 17-ar001 ~ 17-ar099
|
F.25
|
SP90234
| |
|
HP Pavilion 17-g000~17-g099
|
F.52
|
SP90267
| |
|
HP Pavilion 17-g100~17-g199
|
F.52
|
SP90267
| |
|
HP Pavilion 24-qb0xxx
|
F.04
|
SP89061
| |
|
HP Pavilion 24-qb0xxx
|
F.03
|
SP89029
| |
|
HP Pavilion 24-xa0xxx
|
F.04
|
SP89061
| |
|
HP Pavilion 24-xa0xxx
|
F.03
|
SP89029
| |
|
HP Pavilion 27-qb0xxx
|
F.04
|
SP89061
| |
|
HP Pavilion 27-qb0xxx
|
F.03
|
SP89029
| |
|
HP Pavilion 27-xa0xxx
|
F.04
|
SP89061
| |
|
HP Pavilion 27-xa0xxx
|
F.03
|
SP89029
| |
|
HP Pavilion 510-axxx
|
F.33
|
SP89074
| |
|
HP Pavilion 510-pxxx
|
F.23
|
SP92300
| |
|
HP Pavilion 550-axxx
|
A0.17
|
SP90185
| |
|
HP Pavilion 550-axxx
|
A0.18
|
SP90184
| |
|
HP Pavilion 570-axxx
|
F.25
|
SP89042
| |
|
HP Pavilion 570-pxxx
|
F.25
|
SP91737
| |
|
HP Pavilion 590-axxxx
|
F.15
|
SP90217
| |
|
HP Pavilion 590-axxxx
|
F.08
|
SP90212
| |
|
HP Pavilion 590-pxxxx
|
F.15
|
SP90215
| |
|
HP Pavilion 590-pxxxx
|
F.15
|
SP90216
| |
|
HP Pavilion All-in-One 22-axxx
|
A0.10
|
SP91618
| |
|
HP Pavilion All-in-One 23-qxxx
|
A0.10
|
SP91618
| |
|
HP Pavilion All-in-One 23-qxxx
|
A0.10
|
SP93434
| |
|
HP Pavilion All-in-One 24-bxxx
|
F.51
|
SP91590
| |
|
HP Pavilion All-in-One 24-bxxx
|
F.51
|
SP91591
| |
|
HP Pavilion All-in-One 24-rxxx
|
F.21
|
SP91569
| |
|
HP Pavilion All-in-One 24-rxxx
|
F.11
|
SP91735
| |
|
HP Pavilion All-in-One 24-xxxx
|
F.21
|
SP91576
| |
|
HP Pavilion All-in-One 24-xxxx
|
F.21
|
SP91575
| |
|
HP Pavilion All-in-One 27-rxxx
|
F.21
|
SP91568
| |
|
HP Pavilion All-in-One 27-rxxx
|
F.21
|
SP91569
| |
|
HP Pavilion Laptop 15-cw0xxx
|
F.12
|
SP90145
| |
|
HP Pavilion Laptop 15-cw0xxx
|
F.12
|
SP90145
| |
|
HP Slimline 260-axxx
|
F.33
|
SP89074
| |
|
HP Slimline 270-axxx
|
F.25
|
SP89042
| |
|
HP Slimline 290-axxxx
|
F.06
|
SP90214
| |
|
HP Slimline 450-axxx
|
A0.17
|
SP90185
|
|
PI
|
HP Printing and Imaging
|
|
HF
|
HP Hardware and Firmware
|
|
GN
|
HP General Software
|