Main Vulnerability Database Vulnerabilities #VU12095

Improper input validation in AMD products - CVE-2018-8930

Published: April 23, 2018 / Updated: April 23, 2018

Vulnerability identifier: #VU12095

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-8930

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: AMD

Affected software:
AMD EPYC Server
Ryzen
Ryzen Pro
Ryzen Mobile

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips due to insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-8930

Install update from vendor's website.

Sources

https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-o...

Improper input validation in AMD products - CVE-2018-8930

Detailed vulnerability description

How to mitigate CVE-2018-8930

Sources

Please verify you're human