CVE-2022-23829 — Improper Access Control in AMD Athlon 3000 Series Mobile Processors With Radeon Graphics

CWE-284 — Improper Access Control5 documents5 sources

Severity

8.2HIGHNVD

EPSS

0.0%

top 99.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 1ST GEN AMD Epyc Processors AMD 2ND GEN AMD Epyc Processors AMD 3RD GEN AMD Epyc Processors +21 more

Timeline

PublishedJun 18

Description

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages24 packages

▶CVEListV5amd/amd_epyc_embedded_3000various

▶CVEListV5amd/amd_epyc_embedded_7002various

▶CVEListV5amd/amd_epyc_embedded_7003various

▶CVEListV5amd/amd_ryzentm_embedded_5000various

▶CVEListV5amd/amd_ryzentm_embedded_r1000various

🔴Vulnerability Details

GHSA

GHSA-624f-w3rg-939c: A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Managem↗2024-06-18

▶

CVEList

CVE-2022-23829: A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Managem↗2024-06-18

▶

📋Vendor Advisories

Red Hat

hw: amd: SPI protection feature may result in a potential arbitrary code execution.↗2024-06-11

▶

💬Community

Bugzilla

CVE-2022-23829 hw: amd: SPI protection feature may result in a potential arbitrary code execution.↗2023-03-10

▶