Multiple vulnerabilities in AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile



Published: 2018-04-24
Risk: High
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2018-8930, CVE-2018-8931, CVE-2018-8932, CVE-2018-8933, CVE-2018-8934, CVE-2018-8935, CVE-2018-8936
CWE-ID: CWE-20, CWE-284, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
AMD EPYC Server
Server applications / Frameworks for developing and running applications

Ryzen
Hardware solutions / Office equipment, IP-phones, print servers

Ryzen Pro
Hardware solutions / Office equipment, IP-phones, print servers

Ryzen Mobile
Hardware solutions / Office equipment, IP-phones, print servers

Vendor: AMD

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU12095

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8930

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips due to insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

AMD EPYC Server: All versions

Ryzen: All versions

Ryzen Pro: All versions

Ryzen Mobile: All versions

External links

http://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU12097

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8931

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips due to insufficient access control for the Secure Processor, aka RYZENFALL-1. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Ryzen: All versions

Ryzen Pro: All versions

Ryzen Mobile: All versions

AMD EPYC Server: All versions

External links

http://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU12098

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8932

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD Ryzen and Ryzen Pro processor chips due to insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Ryzen: All versions

Ryzen Pro: All versions

External links

http://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU12099

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8933

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD EPYC Server processor chips due to insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

AMD EPYC Server: All versions

External links

http://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU12100

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8934

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the Promontory chipset in the AMD Ryzen and Ryzen Pro platforms due to a backdoor in firmware, aka CHIMERA-FW. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Ryzen: All versions

Ryzen Pro: All versions

External links

http://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper access control

EUVDB-ID: #VU12101

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8935

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the Promontory chipset in the AMD Ryzen and Ryzen Pro platforms due to a backdoor in the ASIC, aka CHIMERA-HW. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Ryzen: All versions

Ryzen Pro: All versions

External links

http://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU12102

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8936

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges on the target system.

The weakness exists in the AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips due to improper Platform Security Processor (PSP) restrictions. A remote attacker can execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

AMD EPYC Server: All versions

Ryzen: All versions

Ryzen Pro: All versions

Ryzen Mobile: All versions

External links

http://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


