CVE-2020-12967

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

CVSS v3 7.2 HIGH
CVSS v2.0 9.0 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:amd:epyc_7232p:-:::::::*
	cpe:2.3:h:amd:epyc_7251:-:::::::*
	cpe:2.3:h:amd:epyc_7252:-:::::::*
	cpe:2.3:h:amd:epyc_7261:-:::::::*
	cpe:2.3:h:amd:epyc_7262:-:::::::*
	cpe:2.3:h:amd:epyc_7272:-:::::::*
	cpe:2.3:h:amd:epyc_7281:-:::::::*
	cpe:2.3:h:amd:epyc_7282:-:::::::*
	cpe:2.3:h:amd:epyc_72f3:-:::::::*
	cpe:2.3:h:amd:epyc_7301:-:::::::*
	cpe:2.3:h:amd:epyc_7302:-:::::::*
	cpe:2.3:h:amd:epyc_7302p:-:::::::*
	cpe:2.3:h:amd:epyc_7313:-:::::::*
	cpe:2.3:h:amd:epyc_7313p:-:::::::*
	cpe:2.3:h:amd:epyc_7343:-:::::::*
	cpe:2.3:h:amd:epyc_7351:-:::::::*
	cpe:2.3:h:amd:epyc_7351p:-:::::::*
	cpe:2.3:h:amd:epyc_7352:-:::::::*
	cpe:2.3:h:amd:epyc_7371:-:::::::*
	cpe:2.3:h:amd:epyc_73f3:-:::::::*
	cpe:2.3:h:amd:epyc_7401:-:::::::*
	cpe:2.3:h:amd:epyc_7401p:-:::::::*
	cpe:2.3:h:amd:epyc_7402:-:::::::*
	cpe:2.3:h:amd:epyc_7402p:-:::::::*
	cpe:2.3:h:amd:epyc_7413:-:::::::*
	cpe:2.3:h:amd:epyc_7443:-:::::::*
	cpe:2.3:h:amd:epyc_7443p:-:::::::*
	cpe:2.3:h:amd:epyc_7451:-:::::::*
	cpe:2.3:h:amd:epyc_7452:-:::::::*
	cpe:2.3:h:amd:epyc_7453:-:::::::*
	cpe:2.3:h:amd:epyc_74f3:-:::::::*
	cpe:2.3:h:amd:epyc_7501:-:::::::*
	cpe:2.3:h:amd:epyc_7502:-:::::::*
	cpe:2.3:h:amd:epyc_7502p:-:::::::*
	cpe:2.3:h:amd:epyc_7513:-:::::::*
	cpe:2.3:h:amd:epyc_7532:-:::::::*
	cpe:2.3:h:amd:epyc_7542:-:::::::*
	cpe:2.3:h:amd:epyc_7543:-:::::::*
	cpe:2.3:h:amd:epyc_7543p:-:::::::*
	cpe:2.3:h:amd:epyc_7551:-:::::::*
	cpe:2.3:h:amd:epyc_7551p:-:::::::*
	cpe:2.3:h:amd:epyc_7552:-:::::::*
	cpe:2.3:h:amd:epyc_75f3:-:::::::*
	cpe:2.3:h:amd:epyc_7601:-:::::::*
	cpe:2.3:h:amd:epyc_7642:-:::::::*
	cpe:2.3:h:amd:epyc_7643:-:::::::*
	cpe:2.3:h:amd:epyc_7662:-:::::::*
	cpe:2.3:h:amd:epyc_7663:-:::::::*
	cpe:2.3:h:amd:epyc_7702:-:::::::*
	cpe:2.3:h:amd:epyc_7702p:-:::::::*
	cpe:2.3:h:amd:epyc_7713:-:::::::*
	cpe:2.3:h:amd:epyc_7713p:-:::::::*
	cpe:2.3:h:amd:epyc_7742:-:::::::*
	cpe:2.3:h:amd:epyc_7763:-:::::::*
	cpe:2.3:h:amd:epyc_7f32:-:::::::*
	cpe:2.3:h:amd:epyc_7f52:-:::::::*
	cpe:2.3:h:amd:epyc_7f72:-:::::::*
	cpe:2.3:h:amd:epyc_7h12:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3101:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3151:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3201:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3251:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3255:-:::::::*
	cpe:2.3:h:amd:epyc_embedded_3351:-:::::::*
cpe:2.3:h:amd:epyc_embedded_3451:-:::::::*

History

21 Nov 2024, 05:00

Type	Values Removed	Values Added
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 - Vendor Advisory

25 May 2021, 14:51

Type	Values Removed	Values Added
CWE		CWE-77
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 - Vendor Advisory
CPE		cpe:2.3:h:amd:epyc_7501:-:::::::* cpe:2.3:h:amd:epyc_7713:-:::::::* cpe:2.3:h:amd:epyc_7713p:-:::::::* cpe:2.3:h:amd:epyc_7443p:-:::::::* cpe:2.3:h:amd:epyc_7642:-:::::::* cpe:2.3:h:amd:epyc_embedded_3351:-:::::::* cpe:2.3:h:amd:epyc_7371:-:::::::* cpe:2.3:h:amd:epyc_7502:-:::::::* cpe:2.3:h:amd:epyc_7451:-:::::::* cpe:2.3:h:amd:epyc_7281:-:::::::* cpe:2.3:h:amd:epyc_7543p:-:::::::* cpe:2.3:h:amd:epyc_7643:-:::::::* cpe:2.3:h:amd:epyc_7402p:-:::::::* cpe:2.3:h:amd:epyc_7663:-:::::::* cpe:2.3:h:amd:epyc_7452:-:::::::* cpe:2.3:h:amd:epyc_7301:-:::::::* cpe:2.3:h:amd:epyc_73f3:-:::::::* cpe:2.3:h:amd:epyc_7763:-:::::::* cpe:2.3:h:amd:epyc_embedded_3151:-:::::::* cpe:2.3:h:amd:epyc_7f32:-:::::::* cpe:2.3:h:amd:epyc_embedded_3101:-:::::::* cpe:2.3:h:amd:epyc_7443:-:::::::* cpe:2.3:h:amd:epyc_7453:-:::::::* cpe:2.3:h:amd:epyc_7251:-:::::::* cpe:2.3:h:amd:epyc_7543:-:::::::* cpe:2.3:h:amd:epyc_7551p:-:::::::* cpe:2.3:h:amd:epyc_embedded_3255:-:::::::* cpe:2.3:h:amd:epyc_72f3:-:::::::* cpe:2.3:h:amd:epyc_7f52:-:::::::* cpe:2.3:h:amd:epyc_7h12:-:::::::* cpe:2.3:h:amd:epyc_7262:-:::::::* cpe:2.3:h:amd:epyc_7401p:-:::::::* cpe:2.3:h:amd:epyc_7542:-:::::::* cpe:2.3:h:amd:epyc_7532:-:::::::* cpe:2.3:h:amd:epyc_7662:-:::::::* cpe:2.3:h:amd:epyc_7351p:-:::::::* cpe:2.3:h:amd:epyc_7502p:-:::::::* cpe:2.3:h:amd:epyc_7252:-:::::::* cpe:2.3:h:amd:epyc_7282:-:::::::* cpe:2.3:h:amd:epyc_embedded_3201:-:::::::* cpe:2.3:h:amd:epyc_7413:-:::::::* cpe:2.3:h:amd:epyc_7272:-:::::::* cpe:2.3:h:amd:epyc_74f3:-:::::::* cpe:2.3:h:amd:epyc_7742:-:::::::* cpe:2.3:h:amd:epyc_7601:-:::::::* cpe:2.3:h:amd:epyc_7f72:-:::::::* cpe:2.3:h:amd:epyc_7313p:-:::::::* cpe:2.3:h:amd:epyc_embedded_3251:-:::::::* cpe:2.3:h:amd:epyc_7302p:-:::::::* cpe:2.3:h:amd:epyc_75f3:-:::::::* cpe:2.3:h:amd:epyc_7702:-:::::::* cpe:2.3:h:amd:epyc_7513:-:::::::* cpe:2.3:h:amd:epyc_7352:-:::::::* cpe:2.3:h:amd:epyc_7232p:-:::::::* cpe:2.3:h:amd:epyc_7343:-:::::::* cpe:2.3:h:amd:epyc_7351:-:::::::* cpe:2.3:h:amd:epyc_7313:-:::::::* cpe:2.3:h:amd:epyc_7551:-:::::::* cpe:2.3:h:amd:epyc_embedded_3451:-:::::::* cpe:2.3:h:amd:epyc_7401:-:::::::* cpe:2.3:h:amd:epyc_7302:-:::::::* cpe:2.3:h:amd:epyc_7552:-:::::::* cpe:2.3:h:amd:epyc_7402:-:::::::* cpe:2.3:h:amd:epyc_7702p:-:::::::* cpe:2.3:h:amd:epyc_7261:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.0 v3 : 7.2

Information

Published : 2021-05-13 12:15

Updated : 2024-11-21 05:00

NVD link : CVE-2020-12967

Mitre link : CVE-2020-12967

CVE.ORG link : CVE-2020-12967

JSON object : View

Products Affected

amd

epyc_7261
epyc_7713
epyc_7401p
epyc_7451
epyc_7532
epyc_7f52
epyc_7252
epyc_embedded_3101
epyc_7452
epyc_7542
epyc_7302
epyc_7281
epyc_embedded_3251
epyc_7702p
epyc_7663
epyc_7642
epyc_7551p
epyc_7351
epyc_73f3
epyc_7643
epyc_7443
epyc_embedded_3255
epyc_7601
epyc_7502
epyc_7543p
epyc_7501
epyc_7f32
epyc_7742
epyc_7702
epyc_embedded_3151
epyc_7713p
epyc_7502p
epyc_embedded_3351
epyc_embedded_3451
epyc_7371
epyc_7302p
epyc_7402
epyc_72f3
epyc_7413
epyc_7313p
epyc_7262
epyc_7552
epyc_7351p
epyc_7f72
epyc_7232p
epyc_74f3
epyc_7443p
epyc_7763
epyc_7251
epyc_7513
epyc_7551
epyc_7343
epyc_embedded_3201
epyc_7h12
epyc_7272
epyc_7453
epyc_7352
epyc_7662
epyc_7282
epyc_7543
epyc_75f3
epyc_7401
epyc_7313
epyc_7301
epyc_7402p

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

7.2 /10