SB2018042413 - Multiple vulnerabilities in AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile




Published: April 24, 2018

Security Bulletin ID: SB2018042413
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2018-8930)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips due to insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.


2) Improper access control (CVE-ID: CVE-2018-8931)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips due to insufficient access control for the Secure Processor, aka RYZENFALL-1. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

3) Improper access control (CVE-ID: CVE-2018-8932)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD Ryzen and Ryzen Pro processor chips due to insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

4) Improper access control (CVE-ID: CVE-2018-8933)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD EPYC Server processor chips due to insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

5) Improper access control (CVE-ID: CVE-2018-8934)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the Promontory chipset in the AMD Ryzen and Ryzen Pro platforms due to a backdoor in firmware, aka CHIMERA-FW. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

6) Improper access control (CVE-ID: CVE-2018-8935)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the Promontory chipset in the AMD Ryzen and Ryzen Pro platforms due to a backdoor in the ASIC, aka CHIMERA-HW. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

7) Security restrictions bypass (CVE-ID: CVE-2018-8936)

The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges on the target system.

The weakness exists in the AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips due to improper Platform Security Processor (PSP) restrictions. A remote attacker can execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install the update from the vendor's website.