CVE-2020-12951

CVSS V2 Medium 4.4 CVSS V3 High 7

Description

Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.

Overview

CVE ID
CVE-2020-12951

Assigner
psirt@amd.com

Vulnerability Status
Modified

Published Version
2021-11-16T19:15:07

Last Modified Date
2022-05-12T18:16:51

Weakness Enumerations

CWE	URL
CWE-362	http://cwe.mitre.org/data/definitions/362.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:amd:epyc_7003_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7003:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7002_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7002:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7001_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7001:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_72f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_72f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7313_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7313:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7313p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7313p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7343_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7343:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_73f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_73f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7413_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7413:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7443_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7443:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7443p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7443p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7453_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7453:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_74f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_74f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7513_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7513:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7543_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7543:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7543p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7543p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_75f3_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_75f3:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7643_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7643:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7663_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7663:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7713_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7713:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7713p_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7713p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7763_firmware::::::::	1	OR	milanpi-sp3_1.0.0.4
cpe:2.3:h:amd:epyc_7763:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7232p_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7232p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7252_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7252:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7262_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7262:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7272_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7272:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7282_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7282:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7302_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7302:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7302p_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7302p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7352_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7352:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7402_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7402:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7402p_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7402p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7452_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7452:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7502_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7502:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7502p_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7502p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7532_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7532:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7542_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7542:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7552_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7552:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7642_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7642:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7662_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7662:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7702_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7702:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7702p_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7702p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7742_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7742:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7f32_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7f32:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7f52_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7f52:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7f72_firmware::::::::	1	OR	romepi-sp3_1.0.0.c
cpe:2.3:h:amd:epyc_7f72:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7251_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7251:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7281_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7281:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7301_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7301:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7351_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7351:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7351p_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7351p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7401_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7401:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7401p_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7401p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7451_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7451:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7501_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7501:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7551_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7551:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7551p_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7551p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7601_firmware::::::::	1	OR	naplespi-sp3_1.0.0.g
cpe:2.3:h:amd:epyc_7601:-:::::::*	0	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector
LOCAL

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
4.4

Severity
MEDIUM

Exploitability Score
3.4

Impact Score
6.4

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector
LOCAL

Attack Compatibility
HIGH

Privileges Required
LOW

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
HIGH

Base Score
7

Base Severity
HIGH

Exploitability Score
1

Impact Score
5.9

References

Reference URL	Reference Tags
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2020-12951
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12951

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 06:45:48				Added to TrackCVE
2022-12-05 14:37:30	2021-11-16T19:15Z	2021-11-16T19:15:07	CVE Published Date	updated
2022-12-05 14:37:30		2022-05-12T18:16:51	CVE Modified Date	updated
2022-12-05 14:37:30		Modified	Vulnerability Status	updated