CVE-2018-8933

Name of the Vulnerable Software and Affected Versions AMD EPYC Server processor (affected versions not specified)

Description The issue is related to the implementation of the AMD Secure Processor technology in the AMD EPYC Server processor, specifically with the bootloader responsible for checking hardware functionality and launching the AMD Secure Processor module. An attacker with administrative privileges and access to the targeted computer can exploit this issue to read from protected areas of the processor, including memory VTL-1 and System Management Mode (SMM), by writing to the AMD Secure Processor coprocessor registers. This can also allow the attacker to disable System Management Mode protection. The issue is associated with insufficient access control for protected memory regions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.