CVE-2022-23829

Summary

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Seriesvariousaffected
AMDAMD Ryzen™ 6000 Series Mobile Processors and Workstationsvariousaffected
AMDAMD Ryzen™ 7000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Mobile Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 3000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 4000 Series Mobile Processorsvariousaffected
AMDAMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphicsvariousaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ Threadripper™ PRO Processorvariousaffected
AMD1st Gen AMD EPYC™ Processorsvariousaffected
AMD2nd Gen AMD EPYC™ Processorsvariousaffected
AMD3rd Gen AMD EPYC™ Processorsvariousaffected
AMDAMD EPYC™ Embedded 3000variousaffected
AMDAMD EPYC (TM) Embedded 7002variousaffected
AMDAMD EPYC™ Embedded 7003variousaffected
AMDAMD RyzenTM Embedded R1000variousaffected
AMDAMD RyzenTM Embedded R2000variousaffected
AMDAMD RyzenTM Embedded 5000variousaffected
AMDAMD RyzenTM Embedded V1000variousaffected
AMDAMD RyzenTM Embedded V2000variousaffected
AMDAMD RyzenTM Embedded V3000variousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References