CVE-2020-12966
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
04/02/2022
Last modified:
26/10/2022
Description
AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) | |
| cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) | |
| cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) | |
| cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) | |
| cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) | |
| cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) | |
| cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) | |
| cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:* | milanpi-sp3_1.0.0.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page