Security Bulletin: This Power System update is being released to address CVE-2018-8931

Summary POWER8/POWER9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. Vulnerability Details CVEID: CVE-2018-8931 DESCRIPTION: The AMD Ryzen, Ryzen Pro, and Ryzen Mobil...

AMD processors affected by vulnerabilities: Ryzenfall, Fallout, Chimera and Masterkey

A collection of AMD vulnerabilities known as "Ryzenfall, Fallout, Chimera, Masterkey" has been released. Attackers in possession of these vulnerabilities would receive additional capabilities, like persistence by malware injection, stealth, network credential theft and more. It affects AMD...

AMD Ryzen and Ryzen Pro Arbitrary Code Execution Vulnerability

AMD Ryzen and Ryzen Pro are both central processing unit CPU products from AMD in the United States. A security vulnerability exists in AMD Ryzen and Ryzen Pro that originates from a program that makes it difficult to perform adequate access control on Secure Processor. An attacker could exploit...

AMD Ryzen and Ryzen Pro Promontory chipset code execution vulnerability

AMD Ryzen and Ryzen Pro are both central processing unit CPU products from AMD in the U.S. Promontory chipset is one of these chipsets. The Promontory chipset used in AMD Ryzen and Ryzen Pro has a security vulnerability that stems from a backdoor in the firmware. An attacker could exploit the...

AMD Ryzen and Ryzen Pro Promontory chipset code execution vulnerability (CNVD-2018-07881)

AMD Ryzen and Ryzen Pro are both central processing unit CPU products from AMD in the U.S. Promontory chipset is one of these chipsets. The Promontory chipset used in AMD Ryzen and Ryzen Pro has a security vulnerability that stems from the presence of a backdoor in the ASIC. An attacker could...

CVE-2018-8935

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW...

CVE-2018-8930

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3...

Design/Logic Flaw

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW...

Design/Logic Flaw

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW...

CVE-2018-8931

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1...

Improper access control

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4...

CVE-2018-8932

The CVE-2018-8932 issue concerns AMD Ryzen/Ryzen Pro processors with insufficient access control in the Secure Processor (RYZENFALL-2/3/4). The available connected documents confirm a processor-embedded access-control weakness rather than a software-only flaw. Root cause: inadequate enforcement w...

CVE-2018-8930

CVE-2018-8930 concerns AMD EPYC Server, Ryzen, Ryzen Pro and Ryzen Mobile processors with insufficient enforcement of Hardware Validated Boot (MASTERKEY-1/MASTERKEY-2/MASTERKEY-3). Public sources consistently identify the affected products and the root cause as weak validation of boot hardware, e...

CVE-2018-8931

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1...

CVE-2018-8934

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW...

CVE-2018-8936

The CVE-2018-8936 entry concerns AMD processors (EPYC Server, Ryzen, Ryzen Pro, Ryzen Mobile) where the Platform Security Processor (PSP) enables privilege escalation. The connected documents corroborate that this is a PSP-based elevation issue affecting multiple Ryzen-family products. Specifics ...

CVE-2018-8932

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4...

CVE-2018-8934

CVE-2018-8934 covers a backdoor in the firmware of the Promontory chipset used in AMD Ryzen/Ryzen Pro platforms (aka CHIMERA-FW). The issue stems from a firmware backdoor in Promontory, with documented risk perceptions in multiple sources, and a CVSS3 score indicating CRITICAL impact across confi...

CVE-2018-8931

CVE-2018-8931 concerns AMD Ryzen/Ryzen Pro/Ryzen Mobile chips with insufficient access control on the Secure Processor (RYZENFALL-1). The connected sources confirm this as a hardware/software security issue affecting multiple Ryzen family parts and firmware/BIOS vectors. The IBM Power/OPAL firmwa...