CVE-2022-23829

Published: Jun 18, 2024

Modified: Aug 29, 2024

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

Vendor	Product	Versions
AMD	AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series	affected `various`
AMD	AMD Ryzen™ 6000 Series Mobile Processors and Workstations	affected `various`
AMD	AMD Ryzen™ 7000 Series Desktop Processors	affected `various`
AMD	AMD Ryzen™ 5000 Series Mobile Processors	affected `various`
AMD	AMD Ryzen™ 5000 Series Desktop Processors	affected `various`
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	affected `various`
AMD	AMD Ryzen™ 3000 Series Desktop Processors	affected `various`
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	affected `various`
AMD	AMD Ryzen™ 4000 Series Mobile Processors	affected `various`
AMD	AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics	affected `various`
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	affected `various`
AMD	AMD Ryzen™ Threadripper™ PRO Processor	affected `various`
AMD	1st Gen AMD EPYC™ Processors	affected `various`
AMD	2nd Gen AMD EPYC™ Processors	affected `various`
AMD	3rd Gen AMD EPYC™ Processors	affected `various`
AMD	AMD EPYC™ Embedded 3000	affected `various`
AMD	AMD EPYC (TM) Embedded 7002	affected `various`
AMD	AMD EPYC™ Embedded 7003	affected `various`
AMD	AMD RyzenTM Embedded R1000	affected `various`
AMD	AMD RyzenTM Embedded R2000	affected `various`
AMD	AMD RyzenTM Embedded 5000	affected `various`
AMD	AMD RyzenTM Embedded V1000	affected `various`
AMD	AMD RyzenTM Embedded V2000	affected `various`
AMD	AMD RyzenTM Embedded V3000	affected `various`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-23829

Description

Affected Products

CVSS v3.1 Details

References