CVE-2019-9836

Name of the Vulnerable Software and Affected Versions Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP) 0.17 build 11 and earlier

Description The issue is related to an insecure cryptographic implementation in AMD's Secure Encrypted Virtualization (SEV) technology, which can be exploited by a remote attacker to access confidential data. This vulnerability allows for the compromise of protected data by recovering platform Diffie-Hellman keys via an invalid curve attack. The SEV technology provides transparent memory encryption for virtual machines at the hardware level, ensuring that only the current guest system can access decrypted data, while other virtual machines and the hypervisor can only access encrypted data.

Recommendations For Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP) 0.17 build 11 and earlier, consider disabling the SEV feature until a patch or update is available to address the insecure cryptographic implementation. As a temporary workaround, restrict access to sensitive data and virtual machines to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.