The vulnerability of the Promontory chip, which is used together with Ryzen and Ryzen Pro processors, is related to the presence of undeclared capabilities in its microprogramming software. This vulnerability allows access to physical memory.

🗓️ 04 Apr 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Promontory chip on Ryzen systems has undeclared capabilities enabling admin access to physical memory via a network device or a custom driver.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2018-8934	22 Mar 201814:29	–	attackerkb
CNVD	AMD Ryzen and Ryzen Pro Promontory chipset code execution vulnerability	28 Mar 201800:00	–	cnvd
CVE	CVE-2018-8934	22 Mar 201814:00	–	cve
Cvelist	CVE-2018-8934	22 Mar 201814:00	–	cvelist
EUVD	EUVD-2018-20542	7 Oct 202500:30	–	euvd
F5 Networks	K02326457: Multiple AMD processor vulnerabilities	21 Feb 202318:46	–	f5
Fortinet	AMD processors affected by vulnerabilities: Ryzenfall, Fallout, Chimera and Masterkey	13 Apr 201800:00	–	fortinet
Hewlett-Packard	HPSBHF03581 rev. 4 - AMD Secure Processor and Promontory Chipset Exploits	21 Mar 201800:00	–	hp
NVD	CVE-2018-8934	22 Mar 201814:29	–	nvd
Prion	Design/Logic Flaw	22 Mar 201814:29	–	prion

Source	Link
amdflaws	www.amdflaws.com/
blog	www.blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
safefirmware	www.safefirmware.com/amdflaws_whitepaper.pdf
community	www.community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research
securitylab	www.securitylab.ru/news/492088.php
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-8934
vuldb	www.vuldb.com/de/
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 26

EPSS0.00573

Promontory chip Ryzen processors undeclared capabilities microprogramming environment physical memory admin access network device custom driver