Insufficient Hardware Boot Security in AMD Processor Chips
CVE-2018-8930

9CRITICAL

Key Information:

Vendor

Amd
Status
Ryzen Mobile Firmware
Vendor
CVE Published:
22 March 2018

What is CVE-2018-8930?

Certain AMD processor families, including EPYC, Ryzen, and Ryzen Mobile chips, exhibit vulnerabilities due to inadequate enforcement of Hardware Validated Boot mechanisms. This issue pertains to the failure in properly verifying boot authenticity, which could potentially allow malicious actors to execute unauthorized code during the boot process. As these processors are widely utilized in various computing environments, addressing this flaw is critical to maintaining secure operations and preventing unauthorized system access.

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://amdflaws.com/
x_refsource_MISC
https://blog.trailofbits.com/2018/03/15/amd-flaws-technic...
x_refsource_MISC

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-8930 : Insufficient Hardware Boot Security in AMD Processor Chips