CVE-2020-12966
MEDIUMAMD EPYC Firmware < milanpi-sp3_1.0.0.5 - Authenticated Information Disclosure via SEV-ES/SEV-SNP
Title source: llmDescription
AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/08/08/6
Scores
CVSS v3
5.5
EPSS
0.0014
EPSS Percentile
33.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (50)
amd/epyc_7001_firmware
amd/epyc_7002_firmware
amd/epyc_7003_firmware
< milanpi-sp3_1.0.0.5
amd/epyc_7232p_firmware
amd/epyc_7251_firmware
amd/epyc_7252_firmware
amd/epyc_7261_firmware
amd/epyc_7262_firmware
amd/epyc_7272_firmware
amd/epyc_7281_firmware
... and 40 more
Published
Feb 04, 2022
Tracked Since
Feb 18, 2026