CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

Affected

142 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	3rd_gen_amd_epyc_processors	—	—
amd	amd_athlon_3000_series_desktop_processors_with_radeon_graphics_picasso_am4	—	—
amd	amd_athlon_3000_series_mobile_processors_with_radeon_graphics_pollock	—	—
amd	amd_epyc_embedded_7003	—	—
amd	amd_ryzen_3000_series_mobile_processor_with_radeon_graphics_picasso_fp5	—	—
amd	amd_ryzen_4000_series_mobile_processors_with_radeon_graphics_renoir_fp6	—	—
amd	amd_ryzen_5000_series_desktop_processor_with_radeon_graphics_cezanne	—	—
amd	amd_ryzen_5000_series_desktop_processors_vermeer	—	—
amd	amd_ryzen_5000_series_mobile_processors_with_radeon_graphics_cezanne	—	—
amd	amd_ryzen_5000_series_mobile_processors_with_radeon_graphics_lucienne	—	—
amd	amd_ryzen_5000_series_processors_with_radeon_graphics_barcelo	—	—
amd	amd_ryzen_6000_series_processors_with_radeon_graphics_rembrandt	—	—
amd	amd_ryzen_7030_series_mobile_processors_with_radeon_graphics_barcelo-r	—	—
amd	amd_ryzen_7035_series_processors_with_radeon_graphics_rembrandt-r	—	—
amd	amd_ryzen_threadripper_2000_series_processors_colfax	—	—
amd	amd_ryzen_threadripper_3000_series_processors_castle_peak_hedt	—	—
amd	amd_ryzen_threadripper_pro_3000wx_series_processors_chagall_ws	—	—
amd	amd_ryzen_threadripper_pro_processors_castle_peak_ws_sp3	—	—
amd	athlon_3015ce_firmware	—	—
amd	athlon_3015e_firmware	—	—
amd	ryzen_3000_series_desktop_processors_matisse	—	—
amd	ryzen_3_3100_firmware	—	—
amd	ryzen_3_3100_firmware	—	—
amd	ryzen_3_3300u_firmware	—	—
amd	ryzen_3_3300x_firmware	—	—