1. Home
  2. CVE Database
  3. CVE-2020-12967
HIGH · 7.2

CVE-2020-12967

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the ...

Vulnerability Description

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AmdEpyc 7232P-
AmdEpyc 7251-
AmdEpyc 7252-
AmdEpyc 7261-
AmdEpyc 7262-
AmdEpyc 7272-
AmdEpyc 7281-
AmdEpyc 7282-
AmdEpyc 72F3-
AmdEpyc 7301-
AmdEpyc 7302-
AmdEpyc 7302P-
AmdEpyc 7313-
AmdEpyc 7313P-
AmdEpyc 7343-
AmdEpyc 7351-
AmdEpyc 7351P-
AmdEpyc 7352-
AmdEpyc 7371-
AmdEpyc 73F3-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2020-12967?

CVE-2020-12967 is a vulnerability with a CVSS score of 7.2 (HIGH). The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the ...

How severe is CVE-2020-12967?

CVE-2020-12967 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12967?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7232P, Amd Epyc 7251, Amd Epyc 7252, Amd Epyc 7261, Amd Epyc 7262.