PT-2018-1087 · Amd · Amd Ryzen+1

Published

2018-03-12

Updated

2019-10-03

CVE-2018-8932

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AMD Ryzen and Ryzen Pro processor chips (affected versions not specified)

Description The vulnerability is related to insufficient access control for the Secure Processor in AMD Ryzen and Ryzen Pro processor chips. An attacker with access to the targeted computer and administrative privileges can exploit this issue to execute arbitrary code on the protected processor by writing to the AMD Secure Processor registers. Additionally, the vulnerability allows an attacker to read from the protected area of the processor, including memory VTL-1 and System Management Mode (SMM), by writing to the AMD Secure Processor registers. It is also possible for an attacker to disable System Management Mode (SMM) protection by writing to the AMD Secure Processor registers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-732

Related Identifiers

BDU:2018-00468

BDU:2018-00469

BDU:2018-00470

CVE-2018-8932

Affected Products

Amd Ryzen

Amd Ryzen Pro

PT-2018-1087 · Amd · Amd Ryzen+1

CVE-2018-8932

Weakness Enumeration

Related Identifiers

Affected Products

References · 10