CVE-2022-23820

CVE-2022-23820

CVSS 7.5 HIGHEPSS 0.7%

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

AMD · 3rd Gen AMD EPYC™ Processors AMD · AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 AMD · AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD · AMD EPYC™ Embedded 7003 AMD · AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 AMD · AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 AMD · AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD · AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”AMD · AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD · AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD · AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”AMD · AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD · AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD · AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”AMD · AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”AMD · AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT AMD · AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS AMD · AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 AMD · Ryzen™ 3000 series Desktop Processors “Matisse"

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001