Security Bulletin: This Power System update is being released to address CVE-2018-8931

Summary POWER8/POWER9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. Vulnerability Details CVEID: CVE-2018-8931 DESCRIPTION: The AMD Ryzen, Ryzen Pro, and Ryzen Mobil...

AMD processors affected by vulnerabilities: Ryzenfall, Fallout, Chimera and Masterkey

A collection of AMD vulnerabilities known as "Ryzenfall, Fallout, Chimera, Masterkey" has been released. Attackers in possession of these vulnerabilities would receive additional capabilities, like persistence by malware injection, stealth, network credential theft and more. It affects AMD...

The vulnerability affects the implementation of the AMD Secure Processor technology in CPUs such as Ryzen, Ryzen Pro, Ryzen Mobile, and EPYC Server. This allows malicious code to be injected into a computer’s BIOS.

The vulnerability of AMD Secure Processor-based processors, such as Ryzen, Ryzen Pro, Ryzen Mobile, and EPYC Server, stems from the absence of a mechanism for detecting damage to flash memory contents. Exploiting this vulnerability allows an attacker who has access to the targeted computer and...

The vulnerability of AMD Secure Processor technology in Ryzen and Ryzen Pro processors allows for reading from the protected area of the processor.

The vulnerability of AMD Secure Processor-based Ryzen and Ryzen Pro processors lies in the implementation flaws of security functions. Exploiting this vulnerability allows an attacker with access to the targeted computer and administrative privileges to read from the protected areas of the...

The vulnerability of the AMD Secure Processor technology in processors like Ryzen, Ryzen Pro, and Ryzen Mobile allows for writing to the secure area of the processor.

The vulnerability of the AMD Secure Processor-based processors, including Ryzen, Ryzen Pro, and Ryzen Mobile, is related to deficiencies in the implementation of security functions. Exploiting this vulnerability allows an attacker who has access to the targeted computer and possesses administrato...

AMD Ryzen and Ryzen Pro Arbitrary Code Execution Vulnerability

AMD Ryzen and Ryzen Pro are both central processing unit CPU products from AMD in the United States. A security vulnerability exists in AMD Ryzen and Ryzen Pro that originates from a program that makes it difficult to perform adequate access control on Secure Processor. An attacker could exploit...

AMD Ryzen and Ryzen Pro Promontory chipset code execution vulnerability

AMD Ryzen and Ryzen Pro are both central processing unit CPU products from AMD in the U.S. Promontory chipset is one of these chipsets. The Promontory chipset used in AMD Ryzen and Ryzen Pro has a security vulnerability that stems from a backdoor in the firmware. An attacker could exploit the...

AMD Ryzen and Ryzen Pro Promontory chipset code execution vulnerability (CNVD-2018-07881)

AMD Ryzen and Ryzen Pro are both central processing unit CPU products from AMD in the U.S. Promontory chipset is one of these chipsets. The Promontory chipset used in AMD Ryzen and Ryzen Pro has a security vulnerability that stems from the presence of a backdoor in the ASIC. An attacker could...

CVE-2018-8935

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW...

CVE-2018-8930

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3...

Design/Logic Flaw

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW...

Improper access control

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4...

Design/Logic Flaw

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW...

CVE-2018-8931

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1...

CVE-2018-8932

The CVE-2018-8932 issue concerns AMD Ryzen/Ryzen Pro processors with insufficient access control in the Secure Processor (RYZENFALL-2/3/4). The available connected documents confirm a processor-embedded access-control weakness rather than a software-only flaw. Root cause: inadequate enforcement w...

CVE-2018-8936

The CVE-2018-8936 entry concerns AMD processors (EPYC Server, Ryzen, Ryzen Pro, Ryzen Mobile) where the Platform Security Processor (PSP) enables privilege escalation. The connected documents corroborate that this is a PSP-based elevation issue affecting multiple Ryzen-family products. Specifics ...

CVE-2018-8934

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW...

CVE-2018-8930

CVE-2018-8930 concerns AMD EPYC Server, Ryzen, Ryzen Pro and Ryzen Mobile processors with insufficient enforcement of Hardware Validated Boot (MASTERKEY-1/MASTERKEY-2/MASTERKEY-3). Public sources consistently identify the affected products and the root cause as weak validation of boot hardware, e...

CVE-2018-8931

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1...

CVE-2018-8932

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4...