Improper Access Control Vulnerability in AMD System Management Mode
CVE-2022-23821

9.8CRITICAL

Key Information:

Vendor: Amd
Status: Ryzen™ 3000 Series Desktop Processors “matisse”; Ryzen™ 5000 Series Desktop Processors “vermeer”; Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”; Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4
Vendor: CVE Published:; 14 November 2023

Summary

This vulnerability involves improper access control within System Management Mode (SMM), which may permit an attacker to write to the Serial Peripheral Interface (SPI) ROM. Exploitation of this vulnerability could potentially lead to arbitrary code execution, posing significant security risks to affected systems. It is crucial for users and administrators of AMD platforms to be aware of this issue and implement necessary security measures to safeguard their environments.

Affected Version(s)

AMD Ryzen™ Embedded 5000 various

AMD Ryzen™ Embedded R1000 various

AMD Ryzen™ Embedded R2000 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jan 21, 2022

Collectors

NVD DatabaseMitre Database