CVE-2022-23830

3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 76.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7203 Firmware AMD Epyc 7203p Firmware AMD Epyc 72f3 Firmware +65 more

Timeline

PublishedNov 14

Description

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 0.5 | Impact: 1.4

Affected Packages68 packages

▶NVDamd/epyc_7203_firmware< milanpi_1.0.0.a

▶NVDamd/epyc_72f3_firmware< milanpi_1.0.0.a

▶NVDamd/epyc_7303_firmware< milanpi_1.0.0.a

▶NVDamd/epyc_7313_firmware< milanpi_1.0.0.a

▶NVDamd/epyc_7343_firmware< milanpi_1.0.0.a

🔴Vulnerability Details

CVEList

CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity↗2023-11-14

▶

GHSA

GHSA-r7xg-3gm7-8q8p: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity↗2023-11-14

▶