Buffer Validation Flaw in AMD Products
CVE-2022-23820

7.5HIGH

Key Information:

Vendor

Amd
Status
Ryzen™ 3000 Series Desktop Processors “matisse"
Amd Ryzen™ 5000 Series Desktop Processors “vermeer”
Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”
Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4
Vendor
CVE Published:
14 November 2023

What is CVE-2022-23820?

A buffer validation flaw in AMD's SMM communication buffer poses a security risk by allowing potential attackers to corrupt the SMRAM. This vulnerability enables the possibility of executing arbitrary code, which can lead to unauthorized access and manipulation of the system. To mitigate this risk, users are advised to apply the latest security patches from AMD.

Affected Version(s)

3rd Gen AMD EPYC™ Processors x86 various

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 x86 various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-23820 : Buffer Validation Flaw in AMD Products