CVE-2019-9836Use of a Broken or Risky Cryptographic Algorithm in AMD Secure Encrypted Virtualization Firmware

CWE-327Use of a Broken or Risky Cryptographic Algorithm4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 53.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Amd64-microcodeAMD Secure Encrypted Virtualization FirmwareOpensuse Leap
Timeline
PublishedJun 25
Latest updateMay 24

Description

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

debiandebian/amd64-microcode< amd64-microcode 3.20220411.1 (bookworm)
NVDopensuse/leap15.0, 15.1+1

🔴Vulnerability Details

2
GHSA
GHSA-mmcw-j5qf-fj6c: Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 02022-05-24
OSV
CVE-2019-9836: Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 02019-06-25

📋Vendor Advisories

1
Debian
CVE-2019-9836: amd64-microcode - Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform S...2019