5.3

CVE-2019-9836

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AmdSecure Encrypted Virtualization Firmware Version <= 0.17b11
   AmdEpyc 7251 Version-
   AmdEpyc 7261 Version-
   AmdEpyc 7281 Version-
   AmdEpyc 7301 Version-
   AmdEpyc 7351 Version-
   AmdEpyc 7351p Version-
   AmdEpyc 7371 Version-
   AmdEpyc 7401 Version-
   AmdEpyc 7401p Version-
   AmdEpyc 7451 Version-
   AmdEpyc 7501 Version-
   AmdEpyc 7551 Version-
   AmdEpyc 7551p Version-
   AmdEpyc 7601 Version-
OpensuseLeap Version15.0
OpensuseLeap Version15.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.61% 0.728
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html
Third Party Advisory
VDB Entry
https://seclists.org/fulldisclosure/2019/Jun/46
Third Party Advisory
Mailing List
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us
Third Party Advisory
https://www.amd.com/en/corporate/product-security
Vendor Advisory