Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2019-9836

Published: 25/06/2019 Updated: 18/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Amd

Vulnerability Summary

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and previous versions has an insecure cryptographic implementation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

amd secure_encrypted_virtualization_firmware

opensuse leap 15.0

opensuse leap 15.1

Vendor Advisories

Debian CVElist Bug Report Logs: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
Debian Bug report logs - #970395 firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs Package: amd64-microcode; Maintainer for amd64-microcode is Henrique de Moraes Holschuh <hmh@debianorg>; Source for amd64-microcode is src:amd64-microcode (PTS, buildd, popcon) Repor ...
Debian Security Advisories: DSA-5459-1 amd64-microcode -- security update
Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in Zen 2 CPUs may not be written to 0 correctly This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests For details please refer to lockcmpxchg8bcom/zenbleedhtml githu ...

Mailing Lists

Full Disclosure: AMD-SEV: Platform DH key recovery via invalid curve attack (CVE-2019-9836)
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> AMD-SEV: Platform DH key recovery via invalid curve attack (CVE-2019-9836) <!--X-Subject-Header-End--> <!--X-Head-of-M ...

References

CWE-327https://www.amd.com/en/corporate/product-securityhttps://seclists.org/fulldisclosure/2019/Jun/46http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_ushttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970395https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5459
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook