CVE-2022-23821

Summary

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 3000 Series Desktop Processors “Matisse”variousaffected
AMDRyzen™ 5000 Series Desktop Processors “Vermeer”variousaffected
AMDRyzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”variousaffected
AMDAthlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4variousaffected
AMDRyzen™ Threadripper™ 2000 Series Processors “Colfax”variousaffected
AMDRyzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTvariousaffected
AMDRyzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3variousaffected
AMDRyzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSvariousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5variousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”variousaffected
AMDRyzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5variousaffected
AMDRyzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”variousaffected
AMDAthlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”variousaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics “Rembrandt”variousaffected
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”variousaffected
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”variousaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”variousaffected
AMDAMD Ryzen™ Embedded R1000variousaffected
AMDAMD Ryzen™ Embedded R2000variousaffected
AMDAMD Ryzen™ Embedded 5000variousaffected
AMDAMD Ryzen™ Embedded V1000variousaffected
AMDAMD Ryzen™ Embedded V2000variousaffected
AMDAMD Ryzen™ Embedded V3000variousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References