CVE-2018-8931 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9 CRITICAL	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Affected Products (NVD)

Vendor	Product	Version
amd	ryzen_mobile_firmware	-
amd	ryzen_pro_firmware	-
amd	ryzen_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://amdflaws.com/

https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research

https://safefirmware.com/amdflaws_whitepaper.pdf

https://amdflaws.com/

https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research

https://safefirmware.com/amdflaws_whitepaper.pdf