Potential Privilege Escalation Vulnerability in ASP Secure OS
CVE-2022-23817

7.3HIGH

Key Information:

Vendor: Amd
Status: Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ Threadripper™ Pro 3000 Wx-series Processors; Amd Ryzen™ 5000 Series Desktop Processors With Radeon™ Graphics; Amd Ryzen™ Threadripper™ Pro 5000 Wx-series Processors
Vendor: CVE Published:; 13 August 2024

What is CVE-2022-23817?

A security flaw exists in the ASP Secure OS due to insufficient validation of memory buffer operations. This vulnerability permits a malicious Trusted Application (TA) to access and modify the kernel's virtual address space. Such manipulation can result in unauthorized actions allowing the attacker to escalate privileges within the affected environment. The ramifications of this vulnerability underscore the necessity for robust security measures and timely updates to the affected systems.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.E

AMD Instinct™ MI210 ROCm 7.0

AMD Instinct™ MI250 ROCm 7.0

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jan 21, 2022

CVE-2022-23817 Data

JSON

Amd

What is CVE-2022-23817?

Affected Version(s)

References

CVSS V4

Timeline