Potential weakness in AMD SPI protection features may allow malicious attackers to bypass kernel mode protections
CVE-2022-23829
8.2HIGH
Key Information
- Vendor
- Amd
- Status
- Amd Ryzen™ Threadripper™ Pro Processors 5900 Wx-series
- Amd Ryzen™ 6000 Series Mobile Processors And Workstations
- Amd Ryzen™ 7000 Series Desktop Processors
- Amd Ryzen™ 5000 Series Mobile Processors
- Vendor
- CVE Published:
- 18 June 2024
Summary
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
Affected Version(s)
AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series <= various
AMD Ryzen™ 6000 Series Mobile Processors and Workstations <= various
AMD Ryzen™ 7000 Series Desktop Processors <= various
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database