CVE-2020-12967

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-12967
The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3101:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3151:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3201:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3251:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3255:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3351:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3451:-:*:*:*:*:*:*:*
History

25 May 2021, 14:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : 9.0
v3 : 7.2
References (MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 - (MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004 - Vendor Advisory
CWE CWE-77
CPE cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3251:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3201:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3255:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3451:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3151:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3351:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_embedded_3101:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*

13 May 2021, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-05-13 12:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-12967

Mitre link : CVE-2020-12967

CVE.ORG link : CVE-2020-12967

JSON object : View

Products Affected

amd

  • epyc_7351p
  • epyc_7452
  • epyc_7272
  • epyc_7702p
  • epyc_7351
  • epyc_7413
  • epyc_7502p
  • epyc_7401
  • epyc_7261
  • epyc_7552
  • epyc_7232p
  • epyc_7281
  • epyc_7402
  • epyc_75f3
  • epyc_7543p
  • epyc_7763
  • epyc_7301
  • epyc_embedded_3451
  • epyc_7551
  • epyc_7f72
  • epyc_7551p
  • epyc_7443
  • epyc_7313
  • epyc_7643
  • epyc_7453
  • epyc_embedded_3101
  • epyc_7h12
  • epyc_7282
  • epyc_74f3
  • epyc_7302p
  • epyc_7f52
  • epyc_7262
  • epyc_embedded_3351
  • epyc_7401p
  • epyc_7532
  • epyc_7451
  • epyc_7513
  • epyc_72f3
  • epyc_7f32
  • epyc_7402p
  • epyc_7251
  • epyc_7352
  • epyc_7601
  • epyc_embedded_3251
  • epyc_7443p
  • epyc_7663
  • epyc_7642
  • epyc_7543
  • epyc_embedded_3255
  • epyc_73f3
  • epyc_7702
  • epyc_7302
  • epyc_7371
  • epyc_7501
  • epyc_7662
  • epyc_7713p
  • epyc_embedded_3151
  • epyc_embedded_3201
  • epyc_7502
  • epyc_7252
  • epyc_7713
  • epyc_7542
  • epyc_7742
  • epyc_7343
  • epyc_7313p
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')