What is CVE-2020-12967?

CVE-2020-12967 is a high-severity vulnerability in Amd Epyc_7232p, classified under Command Injection. CVSS score: 7.2/10. Published 2021-05-13.

How severe is CVE-2020-12967?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Amd Epyc_7232p

CVE-2020-12967

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.017 (74.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Amd Epyc_7232p
Amd Epyc_7251
Amd Epyc_7252
Amd Epyc_7261
Amd Epyc_7262
Amd Epyc_7272
Amd Epyc_7281
Amd Epyc_7282
Amd Epyc_72f3
Amd Epyc_7301

Weakness classification (CWE)

CWE-77 — Command Injection

References

psirt@amd.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-12967?: CVE-2020-12967 is a high-severity vulnerability in Amd Epyc_7232p, classified under Command Injection. CVSS score: 7.2/10. Published 2021-05-13.
How severe is CVE-2020-12967?: High severity. CVSS v3 base score is 7.2 out of 10.