Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html | Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2019/Jun/46 | Mailing List Third Party Advisory |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us | Third Party Advisory |
https://www.amd.com/en/corporate/product-security | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2019-06-25 21:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-9836
Mitre link : CVE-2019-9836
CVE.ORG link : CVE-2019-9836
JSON object : View
Products Affected
amd
- epyc_7501
- secure_encrypted_virtualization_firmware
- epyc_7281
- epyc_7351p
- epyc_7371
- epyc_7401
- epyc_7401p
- epyc_7551
- epyc_7351
- epyc_7601
- epyc_7301
- epyc_7261
- epyc_7451
- epyc_7551p
- epyc_7251
opensuse
- leap
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm