Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12967

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

Published

2021-05-13T12:15:07.443

Last Modified

2024-11-21T05:00:36.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	amd	epyc_7232p	-	Yes
Hardware	amd	epyc_7251	-	Yes
Hardware	amd	epyc_7252	-	Yes
Hardware	amd	epyc_7261	-	Yes
Hardware	amd	epyc_7262	-	Yes
Hardware	amd	epyc_7272	-	Yes
Hardware	amd	epyc_7281	-	Yes
Hardware	amd	epyc_7282	-	Yes
Hardware	amd	epyc_72f3	-	Yes
Hardware	amd	epyc_7301	-	Yes
Hardware	amd	epyc_7302	-	Yes
Hardware	amd	epyc_7302p	-	Yes
Hardware	amd	epyc_7313	-	Yes
Hardware	amd	epyc_7313p	-	Yes
Hardware	amd	epyc_7343	-	Yes
Hardware	amd	epyc_7351	-	Yes
Hardware	amd	epyc_7351p	-	Yes
Hardware	amd	epyc_7352	-	Yes
Hardware	amd	epyc_7371	-	Yes
Hardware	amd	epyc_73f3	-	Yes
Hardware	amd	epyc_7401	-	Yes
Hardware	amd	epyc_7401p	-	Yes
Hardware	amd	epyc_7402	-	Yes
Hardware	amd	epyc_7402p	-	Yes
Hardware	amd	epyc_7413	-	Yes
Hardware	amd	epyc_7443	-	Yes
Hardware	amd	epyc_7443p	-	Yes
Hardware	amd	epyc_7451	-	Yes
Hardware	amd	epyc_7452	-	Yes
Hardware	amd	epyc_7453	-	Yes
Hardware	amd	epyc_74f3	-	Yes
Hardware	amd	epyc_7501	-	Yes
Hardware	amd	epyc_7502	-	Yes
Hardware	amd	epyc_7502p	-	Yes
Hardware	amd	epyc_7513	-	Yes
Hardware	amd	epyc_7532	-	Yes
Hardware	amd	epyc_7542	-	Yes
Hardware	amd	epyc_7543	-	Yes
Hardware	amd	epyc_7543p	-	Yes
Hardware	amd	epyc_7551	-	Yes
Hardware	amd	epyc_7551p	-	Yes
Hardware	amd	epyc_7552	-	Yes
Hardware	amd	epyc_75f3	-	Yes
Hardware	amd	epyc_7601	-	Yes
Hardware	amd	epyc_7642	-	Yes
Hardware	amd	epyc_7643	-	Yes
Hardware	amd	epyc_7662	-	Yes
Hardware	amd	epyc_7663	-	Yes
Hardware	amd	epyc_7702	-	Yes
Hardware	amd	epyc_7702p	-	Yes
Hardware	amd	epyc_7713	-	Yes
Hardware	amd	epyc_7713p	-	Yes
Hardware	amd	epyc_7742	-	Yes
Hardware	amd	epyc_7763	-	Yes
Hardware	amd	epyc_7f32	-	Yes
Hardware	amd	epyc_7f52	-	Yes
Hardware	amd	epyc_7f72	-	Yes
Hardware	amd	epyc_7h12	-	Yes
Hardware	amd	epyc_embedded_3101	-	Yes
Hardware	amd	epyc_embedded_3151	-	Yes
Hardware	amd	epyc_embedded_3201	-	Yes
Hardware	amd	epyc_embedded_3251	-	Yes
Hardware	amd	epyc_embedded_3255	-	Yes
Hardware	amd	epyc_embedded_3351	-	Yes
Hardware	amd	epyc_embedded_3451	-	Yes

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)