Privilege Escalation in AMD EPYC and Ryzen Products
CVE-2018-8936

9CRITICAL

Key Information:

Vendor
Amd
Status
Ryzen Mobile Firmware
Vendor
CVE Published:
22 March 2018

Summary

The vulnerability arises in AMD's EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processor families where the Platform Security Processor (PSP) can be exploited to gain elevated privileges. This security issue could allow unauthorized users to execute arbitrary code within a privileged context, therefore posing a significant risk to systems utilizing these processors. Analysts and researchers have raised concerns regarding the potential implications, urging users to remain vigilant and apply necessary mitigations as they are made available.

References

https://amdflaws.com/
x_refsource_MISC
https://blog.trailofbits.com/2018/03/15/amd-flaws-technic...
x_refsource_MISC
https://community.amd.com/community/amd-corporate/blog/20...
x_refsource_MISC

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.