CVE-2022-23820

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 59.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

124

AMD 3RD GEN AMD Epyc™ Processors AMD AMD Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” AM4 AMD AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “pollock”+121 more

Timeline

PublishedNov 14

Description

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages124 packages

▶NVDamd/athlon_3015e_firmwarepollockpi-ft5_1.0.0.5

▶NVDamd/ryzen_3_3100_firmwarecomboam4_pi_1.0.0.9, comboam4_v2_pi_1.2.0.8+1

▶NVDamd/ryzen_3_5100_firmwarecomboam4v2_pi_1.2.0.8

▶NVDamd/ryzen_5_3500_firmwarecomboam4_pi_1.0.0.9, comboam4_v2_pi_1.2.0.8+1

▶NVDamd/ryzen_5_3600_firmwarecomboam4_pi_1.0.0.9, comboam4_v2_pi_1.2.0.8+1

🔴Vulnerability Details

GHSA

GHSA-9fmg-2fcx-q3vf: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution↗2023-11-14

▶

CVEList

CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution↗2023-11-14

▶