Potential Privilege Escalation Vulnerability in ASP Secure OS
CVE-2022-23817

7HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 3000 Series Desktop Processors; Amd Ryzen™ 5000 Series Desktop Processors; Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics; Amd Ryzen™ 7000 Series Desktop Processors
Vendor: CVE Published:; 13 August 2024

Summary

A security flaw exists in the ASP Secure OS due to insufficient validation of memory buffer operations. This vulnerability permits a malicious Trusted Application (TA) to access and modify the kernel's virtual address space. Such manipulation can result in unauthorized actions allowing the attacker to escalate privileges within the affected environment. The ramifications of this vulnerability underscore the necessity for robust security measures and timely updates to the affected systems.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4PI 1.0.0.9

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.E

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PollockPI-FT5 1.0.0.4

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jan 21, 2022

Collectors

NVD DatabaseMitre Database