CVE-2022-23820
7.5HIGH
Key Information
- Vendor
- Amd
- Status
- Ryzen™ 3000 Series Desktop Processors “matisse"
- Amd Ryzen™ 5000 Series Desktop Processors “vermeer”
- Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”
- Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4
- Vendor
- CVE Published:
- 14 November 2023
Summary
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
Affected Version(s)
Ryzen™ 3000 series Desktop Processors “Matisse" = various
AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” = various
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” = various
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Risk change from: 9.8 to: 7.5 - (HIGH)
Risk change from: 9.8 to: 7.5 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database