Improper Access Control Vulnerability in AMD System Management Mode
CVE-2022-23821

9.8CRITICAL

Key Information:

Vendor

Amd
Status
Ryzen™ 3000 Series Desktop Processors “matisse”
Ryzen™ 5000 Series Desktop Processors “vermeer”
Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”
Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4
Vendor
CVE Published:
14 November 2023

What is CVE-2022-23821?

This vulnerability involves improper access control within System Management Mode (SMM), which may permit an attacker to write to the Serial Peripheral Interface (SPI) ROM. Exploitation of this vulnerability could potentially lead to arbitrary code execution, posing significant security risks to affected systems. It is crucial for users and administrators of AMD platforms to be aware of this issue and implement necessary security measures to safeguard their environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AMD Ryzen™ Embedded 5000 various

AMD Ryzen™ Embedded R1000 various

AMD Ryzen™ Embedded R2000 various

References

https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory
https://www.amd.com/en/corporate/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.