Potential weakness in AMD SPI protection features may allow malicious attackers to bypass kernel mode protections
CVE-2022-23829

8.2HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ Threadripper™ Pro Processors 5900 Wx-series; Amd Ryzen™ 6000 Series Mobile Processors And Workstations; Amd Ryzen™ 7000 Series Desktop Processors; Amd Ryzen™ 5000 Series Mobile Processors
Vendor: CVE Published:; 18 June 2024

Summary

A potential weakness in the SPI protection features of AMD systems enables a malicious actor with Ring0 (kernel mode) access to circumvent the built-in protections of the System Management Mode (SMM) ROM. This may lead to unauthorized access to critical system functions, potentially compromising the integrity of the entire system. Organizations utilizing affected AMD products should assess their security measures and enhance their defenses against potential exploitation.

Affected Version(s)

1st Gen AMD EPYC™ Processors various

2nd Gen AMD EPYC™ Processors various

3rd Gen AMD EPYC™ Processors various

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jan 21, 2022

Collectors

NVD DatabaseMitre Database