CVE-2022-23821

3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 37.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
132
AMD AMD Ryzen™ 5000 Series Processors With Radeon™ Graphics “barcelo”AMD AMD Ryzen™ 6000 Series Processors With Radeon™ Graphics "rembrandt"AMD AMD Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics “barcelo-r”+129 more
Timeline
PublishedNov 14

Description

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages132 packages

NVDamd/athlon_3015e_firmwarepollockpi-ft5_1.0.0.5
NVDamd/ryzen_3_3100_firmwarecomboam4_pi_1.0.0.9, comboam4_v2_pi_1.2.0.8+1
NVDamd/ryzen_3_5100_firmwarecomboam4v2_pi_1.2.0.8
NVDamd/ryzen_5_3500_firmwarecomboam4_pi_1.0.0.9, comboam4_v2_pi_1.2.0.8+1
NVDamd/ryzen_5_3600_firmwarecomboam4_pi_1.0.0.9, comboam4_v2_pi_1.2.0.8+1

🔴Vulnerability Details

2
CVEList
CVE-2022-23821: Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution2023-11-14
GHSA
GHSA-wrmf-3x8w-vcx2: Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution2023-11-14
CVE-2022-23821 (CRITICAL CVSS 9.8) | Improper access control in System M | cvebase.io