CVE-2022-23817

Summary

Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5 1.0.0.Eunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.5unaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.Aunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.5unaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.Aunaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5 1.0.0.Eunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6 1.0.0.Cunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4V1 1.0.0.Aunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4V2 1.2.0.9unaffected
AMDAMD Ryzen™ 2000 Mobile ProcessorsComboAM4v2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ 2000 Mobile ProcessorsComboAM4PI 1.0.0.9unaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2 PI 1.2.0.8unaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7_1.0.0.5unaffected
AMDAMD Ryzen™ Embedded R1000 Series ProcessorsEmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded R2000 Series ProcessorsEmbeddedR2KPI-FP5 1.0.0.2unaffected
AMDAMD Ryzen™ Embedded 5000 Series ProcessorsEmbAM4PI 1.0.0.2unaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Raven Ridge”)EmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed “Picasso”)EmbeddedPI-FP5_1.2.0.Aunaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorEmbeddedPI-FP6_1.0.0.8unaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbeddedPI-FP7r2_1002unaffected
AMDAMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)unaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: PRO Edition 22.Q2 (22.10.20)unaffected
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 22.Q2 (22.10.20)unaffected
AMDMI-25 / 50No fix plannedunaffected
AMDMI-100ROCm 6.4.2unaffected
AMDAMD Instinct™ MI250ROCm 7.0unaffected
AMDAMD Instinct™ MI210ROCm 7.0unaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References