CVE-2022-23829
8.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series | various | affected |
| AMD | AMD Ryzen™ 6000 Series Mobile Processors and Workstations | various | affected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | various | affected |
| AMD | AMD Ryzen™ 5000 Series Mobile Processors | various | affected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors | various | affected |
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | various | affected |
| AMD | AMD Ryzen™ 3000 Series Desktop Processors | various | affected |
| AMD | AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics | various | affected |
| AMD | AMD Ryzen™ 4000 Series Mobile Processors | various | affected |
| AMD | AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics | various | affected |
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | various | affected |
| AMD | AMD Ryzen™ Threadripper™ PRO Processor | various | affected |
| AMD | 1st Gen AMD EPYC™ Processors | various | affected |
| AMD | 2nd Gen AMD EPYC™ Processors | various | affected |
| AMD | 3rd Gen AMD EPYC™ Processors | various | affected |
| AMD | AMD EPYC™ Embedded 3000 | various | affected |
| AMD | AMD EPYC (TM) Embedded 7002 | various | affected |
| AMD | AMD EPYC™ Embedded 7003 | various | affected |
| AMD | AMD RyzenTM Embedded R1000 | various | affected |
| AMD | AMD RyzenTM Embedded R2000 | various | affected |
| AMD | AMD RyzenTM Embedded 5000 | various | affected |
| AMD | AMD RyzenTM Embedded V1000 | various | affected |
| AMD | AMD RyzenTM Embedded V2000 | various | affected |
| AMD | AMD RyzenTM Embedded V3000 | various | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.