CVE-2019-9836 — MEDIUM (5.3)

Q: How severe is CVE-2019-9836?

CVE-2019-9836 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-9836?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Secure Encrypted Virtualization Firmware, Amd Epyc 7251, Amd Epyc 7261, Amd Epyc 7281, Amd Epyc 7301.

Vulnerability Description

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Amd	Secure Encrypted Virtualization Firmware	<= 0.17b11
Amd	Epyc 7251	-
Amd	Epyc 7261	-
Amd	Epyc 7281	-
Amd	Epyc 7301	-
Amd	Epyc 7351	-
Amd	Epyc 7351P	-
Amd	Epyc 7371	-
Amd	Epyc 7401	-
Amd	Epyc 7401P	-
Amd	Epyc 7451	-
Amd	Epyc 7501	-
Amd	Epyc 7551	-
Amd	Epyc 7551P	-
Amd	Epyc 7601	-
Opensuse	Leap	15.0

Related Weaknesses (CWE)

CWE-327

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-Third Party AdvisoryVDB Entry
https://seclists.org/fulldisclosure/2019/Jun/46Mailing ListThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
https://www.amd.com/en/corporate/product-securityVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-Third Party AdvisoryVDB Entry
https://seclists.org/fulldisclosure/2019/Jun/46Mailing ListThird Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
https://www.amd.com/en/corporate/product-securityVendor Advisory

FAQ

What is CVE-2019-9836?

CVE-2019-9836 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic impl...

How severe is CVE-2019-9836?

CVE-2019-9836 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9836?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Secure Encrypted Virtualization Firmware, Amd Epyc 7251, Amd Epyc 7261, Amd Epyc 7281, Amd Epyc 7301.