CVE-2020-12961

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 84.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 2ND GEN AMD Epyc™AMD 3RD GEN AMD Epyc™AMD Epyc 7002 Firmware +44 more

Timeline

PublishedNov 16

Latest updateNov 17

Description

A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages47 packages

▶CVEListV5amd/2nd_gen_amd_epyc™unspecified — RomePI-SP3_1.0.0.C

▶CVEListV5amd/3rd_gen_amd_epyc™unspecified — MilanPI-SP3_1.0.0.4

▶NVDamd/epyc_7002_firmware< romepi-sp3_1.0.0.c

▶NVDamd/epyc_7003_firmware< milanpi-sp3_1.0.0.4

▶NVDamd/epyc_7252_firmware< romepi-sp3_1.0.0.c

🔴Vulnerability Details

GHSA

GHSA-2p3h-m9wr-j5v9: A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Man↗2021-11-17

▶

CVEList

CVE-2020-12961: A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Man↗2021-11-16

▶