bpmcdevitt/data_importer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added amd cna 2 example captured data potential from advisory

Browse source
This commit is contained in:
Brendan McDevitt 2022-05-20 15:51:35 -05:00
parent 222619e03a
commit 090fe2a119
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
doc/cna_readme_notes/cnas_with_html_advisories.md
View file

@ -1,4 +1,5 @@
# CNAs with HTML advisories # CNAs with HTML advisories
## Adobe Systems Incorporated ## Adobe Systems Incorporated
### Advisory ### Advisory
https://helpx.adobe.com/security/alertus.html https://helpx.adobe.com/security/alertus.html
@ -22,6 +23,21 @@ Each advisory has HTML tables with tr and td tags. h1 and h2 tags for validation
## AMD ## AMD
### Advisory ### Advisory
https://www.amd.com/en/corporate/product-security https://www.amd.com/en/corporate/product-security
#### Captured Data Potential From Advisory
```
# Note: Additional advisories have some more keys than the example shown below
# for example: AMD-SB-1028 also has a :cve_details table with :cve, :cvss_score, :cve_description in each row.
{
:bulletin_id => 'AMD-SB-1033',
:potential_impact => 'Data leakage',
:severity =>'Medium',
:summary => 'AMD received notification of a potential security vulnerability where data in specific cryptographic algorithms can be inferred in a SEV guest by monitoring the ciphertext values over time. Researchers from the Institute for IT-Security University of Luebeck and The Ohio State University will present their paper titled “A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP” at the 43rd IEEE Symposium on Security and Privacy scheduled for May 23-25, 2022. CVE-2021-46744 An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.',
:affected_products => ['1st/2nd/3rdGen AMD EPYC™ Processors', 'AMD EPYC™ Embedded Processors'],
:mitigation => 'AMD has provided guidance via an updated paper located here: TECHNICAL GUIDANCE FOR MITIGATING EFFECTS OF CIPHERTEXT VISIBILITY UNDER AMD SEV As of the date of this notice, AMD is not aware of any active exploits in the wild of CVE-2021-46744 on AMD products. We continue to look for ways to make our products more secure, including working closely with partners, academics, researchers, and end-users in the ecosystem.',
:references => 'https://www.amd.com/system/files/documents/221404394-a_security_wp_final.pdf'
}
```
## Ampere ## Ampere
#### Advisory #### Advisory
https://amperecomputing.com/products/product-security.html https://amperecomputing.com/products/product-security.html